Risk

2014 Annual Law Firms’ Survey

Information security should be high on the agenda of Boards of all UK law firms; more focus and resource is required in this area. Linked with this, UK law firms remain behind other sectors in the extent of their use of internal audit.
  • Internal audit functions within law firms are generally under strength when compared to businesses of equivalent size and complexity in other sectors.  The majority of law firms are spending significantly less than the general benchmark of 0.05% of revenues on internal audit.
  • Law firm internal audit functions typically only focus on the traditional financial and operational controls.
  • Leading internal audit functions are partnering with the business and are more focused on efficiency gains and improving process, not solely focussed on financial or operational performance.
  • Information security remains high on the agenda for law firms. Keeping pace with threats is a challenge, and for many firms more focus and resource is required to match the efforts of listed businesses in the UK.
  • With increased reliance on digital business processes in an interconnected world, law firms are still seen as a “weak link” and need to be more sophisticated about how they protect their own and client data.
  • 45% of all law firms have suffered from a security incident in the last 12 months and out of that population, 5% are dealing with staff related security incidents on a weekly basis.
  • Cyber security is not just about technology and computers. It’s about people, information, systems, processes, culture and physical surroundings.