Cyber criminals target banks and financial institutions because that is where the money is. This traditional theory has now been expanded to other segments as well as either money or money worth information and data is available at multiple platforms and locations. Law firms are one such place where money worth information is available. The potential buyers for information extracted from laws firms range from competitors to cyber criminals. This is the reason why law firms are facing increasing and incessant cyber attacks and in most of the cases cyber criminals successfully get the information they are looking for.
There are no universally acceptable cyber security treaties or convention as on date. This is a problematic situation as cyber security is an international issue (PDF) and not a national one. Therefore, an international cyber security treaty is required (PDF). In the absence of such globally acceptable cyber security treaty, the conflict of laws in cyberspace would continue to make the things difficult. International legal issues of cyber attacks must be addressed by all nations as soon as possible. India must also safeguard its critical infrastructures and other utilities from global cyber attacks and cyber threats.
Cyber security in India is still maturing and the cyber security trends and developments in India 2013 (PDF) projected many shortcomings of the same. The cyber security policy of India 2013 has still not been implemented by Indian government and various stakeholders like banks have ignored the same as mere non obligatory guidelines.
Companies and individuals are still not much concerned about ensuring a robust cyber security. Even cyber security best practices in India have not been formulated by most stakeholders, including Indian government. There are very few law firms that are practicing in the field of cyber security and who understand the complexities and requirements of cyber security at national and international levels.
Law firms have not only the cyber security obligations but they also have obligations arising out of e-discovery and cyber forensics legal mandates. Indian government is planning to formulate the e-mail policy of India that would be implemented by government officials around the India. Such a policy may be required to be followed by all stakeholders, including law firms, in future. The cyber security laws in India may also be formulated very soon that would impose obligations upon law firms to protect the data and information of their clients.
Even at the international level, law firms are not managing cyber security related obligations in a proper manner. Most of the times cyber breaches are not reported at all and this puts sensitive data of clients at risks. A well planned cyber security strategy for law firms is need of the hour that every law firm must put in place and implement the same effectively and dedicatedly.