European Law Firms Show ‘Worrying’ Risk Complacency, Survey Says

More than 40 percent of European law firms don’t know whether they have suffered a data breach in the last three years, a data management company said today in announcing the results of a risk survey.

Law firms’ responses to questions on data breaches, data- loss and non-compliance showed a complacency on information protection that made them the worst-performing industry in the report, according to Iron Mountain Inc. (IRM)

“If you are looking at data protection, law firms are way behind, absolutely no doubt,” said Frank Maher, a lawyer at Liverpool-based Legal Risk LLP. “A few of the largest firms are just about getting it right but the vast majority barely even get to base camp on compliance.”

Law firms averaged just 33.3 points from their survey responses out of an ideal score of 100. The financial services sector ranked highest with 46.3, compared to a European company- average of 40. The report, done with PricewaterhouseCoopers LLP and released in March, questioned 600 businesses across Europe including insurance, financial services and pharmaceutical companies.

Just under 30 percent of law firms who responded said they don’t have any training programs in place to teach employees about risk.

“Our information risk study reveals a worrying level of complacency across the legal sector in Europe,” said Christian Toon, head of information security at Iron Mountain Europe. “There’s absolutely no point in pouring resources into information security if no one takes any notice.”

To contact the reporter on this story: Jeremy Hodges in London at

To contact the editor responsible for this story: Anthony Aarons at

Press spacebar to pause and continue. Press esc to stop.

Bloomberg reserves the right to remove comments but is under no obligation to do so, or to explain individual moderation decisions.

Please enable JavaScript to view the comments powered by Disqus.