During the past two weeks, law firms around the world received a rude awakening on what had been a relatively dormant issue for the industry – cyber breaches. Despite experiencing their own Edward Snowden moment, I suspect many firms saw the news headlines, decided their firms’ no comment policies and readiness plans were sufficient, and hit the snooze button again.
The first significant event involved a Russian cybercriminal who allegedly targeted elite law firms in an effort to acquire insider information from those firms’ corporate clients. His list included 46 law firms in the United States. Days later, The Wall Street Journal reported unrelated breaches had occurred at two of the world’s largest firms, Cravath, Swaine & Moore and Weil, Gotshal & Manges.
More recently, the leak of the “Panama Papers” from the law firm Mossack Foneca consisted of more than 11.5 million documents, involving nearly 215,000 companies and 14,153 clients. In a subsequent story, The New York Times reported that after nearly a year of analyzing and verifying the documents, the original investigative team from Süddeutsche Zeitung called upon the International Consortium of Investigative Journalists (ICIJ) in Washington, D.C., for support. Within weeks, the ICIJ assembled an army of about 400 journalists from more than 100 news organizations in 80 countries to help research the documents.
Global law firms should let that information sink in – 400 journalists from 100 outlets in 80 different countries worked seamless to pour over what Mossack and its clients thought were privileged, never-to-see-the-light-of-day documents.
So all of this begs the question for law firms, what if a leak or breach occurs and the most-sensitive documents from your largest clients for whom your firm does work across the world are released? Are you truly prepared for that cataclysmic event to occur?
For middle-market or small law firms who believe that situation could never happen to them, answer this question – had you heard of Mossack Foneca prior to the incident?
Most crisis communications counselors – or as we like to say special situation counselors – have a proven readiness protocol to help clients plan for difficult situations. Where most protocols fall short is in failing to “research the unknowns.”
Using the Mossack example, the firm may have had a cyber breach communications plan with accompanying procedures and materials. Those plans would be completely useless in this situation unless they had truly evaluated what information might be revealed and the global mayhem they could cause.
In our client conversations, we stress that minimizing unforeseen variables in each scenario as a critical step to pragmatic planning. Firms should mitigate the risks in each situation by exploring and answering the external and internal blind spots in advance. Preparing for potential cyber breaches can be a time-consuming effort across many time zones for the largest firms.
So we would press those who are comfortable with their plans to review them in light of the Panama Papers. Ask yourselves what information is available to you today that could help you manage through the direst circumstances your firm could face. Then eliminate that blind spot.
Greentarget is a strategic public relations firm focused exclusively on business-to-business organizations.
We direct conversations that drive business objectives, enhance reputations and build meaningful relationships with influencers. We are a destination for talented individuals whose intellectual curiosity and commitment to our proven process drive an unparalleled level of service, results and value for our clients.