Law Firms, Cybersecurity & Vendor Risk Management Questionnaires


Law firm IT staff struggle to maintain an appropriate security posture while also spending time answering legal client vendor risk management questionnaires. The uptick in vendor risk management questionnaires seems to have started following the Target data breach that originated with an HVAC vendor. Corporations saw the damage done to Target, and corporate executives saw that it could be a career-limiting event, as the Target CIO and CEO soon departed.

The corporate client concern seems valid in light of recent law firm data breach numbers. A 2019 statistic from the American Bar Association indicates that “26% of respondents report that their firms have experienced some sort of security breach (including hacker activity and website exploits to more mundane incidents such as lost or stolen laptops).”

Law firms are responding to these requirements by looking for an easier way to satisfy their legal clients' audits. Arctic Wolf has gained some experience helping law firms tick the appropriate boxes in vendor risk management questionnaires around vulnerability assessment and security monitoring. As the fastest-growing managed security service provider (MSSP) according to the 2019 ILTA technology survey, we regularly help our law firm customers to satisfy vendor risk management questionnaires and audits around security. One consistent theme I hear is that the vendor risk management surveys vary. There are no corporate standards around the questionnaires and every enterprise has what they consider to be unique risks to evaluate.

There are tools available, such as the ILTA Law Firm Security Assessment Questionnaire, to help you understand your security posture. In terms of responding to the security monitoring and vulnerability assessment pieces of the questionnaires, you can “roll your own” or you can use a managed service (security operations center (SOC)-as-a-service). Given how lean most law firm IT staffs run, we are finding that SOC-as-a-service offerings like Arctic Wolf act as a force multiplier that offloads considerable work around monitoring and reporting and thus allows IT staff to focus on higher-priority projects.

Stop by Arctic Wolf (Booth #509) to learn more about how SOC-as-a-service can improve your security while allowing you to better answer vendor risk management questionnaires!
