Trends in cyber security with law firms
Cyber security within law firms has become a key topic in 2018. With some high profile breaches, embarrassing clients, law firms have firmly realised the importance of information security and are actively improving their people and technology.
Historically, information security was not an area law firms would invest in. Often the roles would be hybrid roles, combining perhaps business continuity or physical security with information security. These roles were traditionally paid and recruited at a manager level, perhaps paying around £60,000. While other industries have been paying and recruiting at higher levels for some time, this is now changing and there are a select few CISO’s paid into the hundreds of thousands. In general, investment is going up. That means more hires and higher salaries. This is also an exciting area for cyber security professionals to go in. Many people in cyber jobs love a challenge and see a greenfield site or a department that needs improvement, as their ideal role.
There are some key challenges that law firms face. Often, they are working with legacy systems and may be suffering from historic under-investment in IT. Law firms keep a huge amount of data, and often need to access this data at short notice. This makes encryption challenging as the balance between security and accessibility needs to be met. With clients now demanding a level of security not seen before, this problem has to be addressed.
There is now a merge between roles which are fee generating and operational. It may be that staff who were traditionally operational are being asked to work with clients and provide them with assurance that the firm has adequate security measures. Or it may be that fee generators, recognising the importance to clients, are helping make sure that their own processes are in place. This is essential for large corporate clients who will have policies and will be passing requirements through to suppliers. It will also be important to HNW individuals who take their personal cyber security seriously.
Some select firms are also seeing this as a revenue generator. GDPR was the obvious introduction to this but this has enabled firms to do work, that would have traditionally sat within a consulting function. Clifford Chance is the most notable of these. They put out a press-release to announce that they now have a cross-practice tech group. This allows the firm to better service their clients, by mitigating the specific risks that come with technology, particularly in areas such as M&A, who may not have otherwise considered this angle.
Overall, law firms are hiring into interesting roles, in greater numbers and at competitive salaries. It’s a great time to consider a job within this industry.