Almost half the staff at SME law firms say their firms have been attacked by fraudsters within the past 12 months, a survey has found.
At the same time, the research into how firms are responding to risk management and compliance found evidence more generally that firms are “turning regulation into a business driver, rather than viewing it as a constraint”.
The report by national law firm network LawNet – based on a poll of 585 staff at 71 member firms across the country – said fraud and cybercrime continued to be the “hottest” risk management topics for law firms.
Some 48% of employees said their firm had suffered a fraud attack in the last 12 months (successful or not), 23% said their firm had not suffered an attack and 29% said they did not know.
Four in ten firms ranked cybercrime and fraud as the biggest threat for 2017, followed by data protection, maintaining robust IT systems and information security.
The survey found that junior and administrative staff were more likely to think of effective risk management in terms of reducing “regulatory repercussions”, while senior lawyers tended to focus on the benefits for the firm’s financial management and reputation.
“Interestingly, most of the staff taking part in our research said they could see that risk management was a vital business tool.
“However, our research also showed that junior and admin staff were more likely to see compliance as the most important aspect of risk management.
“It’s an attitude that persists across the sector, with fear of the SRA and the need to satisfy regulatory requirements often dominating attitudes, with less attention paid to reputational and financial risks.”
Better client service was the most popular choice as a benefit flowing from better risk management, followed by reduced indemnity insurance claims and protection of the firm’s reputation.
The report said: “Effective risk management is about more than simply ‘ticking the box’ for compliance or quality management purposes. It’s about creating the right blend of culture, process and customer service, all wrapped up in a risk management strategy.
“As well as reducing claims, and hence your PII premiums, such a strategy should deliver far-reaching and tangible benefits that pay out all year round, by helping you to choose clients who will keep cash flowing, filtering out inefficient suppliers, and attracting and retaining excellent employees.
“There should be a direct impact on your bottom line, and strong processes will help to keep both your insurers and bankers happy, as well as tackling fraud.”
The survey found that over 95% of respondents understood their firm’s policies in the key areas of banking and client payments, and managing files and equipment away from the office.
Administrative and secretarial staff were the most likely to respond that they did not know the firm’s policy for dealing with the former.
Over 90% of staff were aware of and understood their firm’s policy regarding the use of social media.
Chris Marston, chief executive of LawNet, added: “Fraud is top of the radar for most firms, and rightly so, looking at the figures. But firms need to look at the bigger picture if we are going to tackle this across the sector.
“Embedding the right culture, so every member of staff is clued up and signed up, is how we’ll achieve this, while bringing real business benefits through better customer service and increased competitiveness.
“Complaints about over-regulation, and the resulting burden on firms, are part of the day-to-day, but our membership enables us to speak on behalf of a sizeable constituency of larger SME firms, and the evidence is that increasingly they are turning regulation into a business driver, rather than viewing it as a constraint.”
Cybercrime and fraud is definitely the biggest threat for 2017, but it’s also a massive opportunity. SME firms that have rigorous internal processes and wider expertise in the full spectrum of cyber law can turn threat to success. The impact of Brexit, GDPR and a new global political landscape means clients are crying out for specialist legal expertise in cyber law, risk management and data protection. They are also looking for lawyers who understand the broader issues of reputational risk. We’ve recognised this gap and have attracted a prominent Cyber Lawyer to our commercial team, Dean Armstrong QC. We couldn’t offer advice if our own house wasn’t in order. We have invested in robust systems and training to make sure there is clear understanding and appreciation across our team so all colleagues understand there are not just legal ramifications of non-compliance, but that a firm can rise and fall on the strength of its security.