Webinar Replay: Security and Compliance – Preparing for the Inevitable

The webinar, hosted by Legal IT Insider’s Caroline Hills, examined why cyber‑security and regulatory compliance are no longer optional for law firms. Tom Holay, head of cyber security at Red Centric, warned that attacks on the legal sector have surged 77% in the past year, with business‑email‑compromise featuring in more than 90% of incidents, and highlighted the imminent Cyber Security and Resilience Bill that will tighten oversight across the industry.

Holay outlined the evolving threat landscape: supply‑chain vulnerabilities, AI‑driven data leakage, talent shortages, and relentless budget pressure. He critiqued the traditional “four T’s” (terminate, transfer, treat, tolerate) as overly defensive, urging firms to view risk as a potential upside and to adopt flexible controls that can be scaled during mergers or crises. He cited the World Economic Forum’s risk rankings—cyber‑espionage and misinformation topping short‑term concerns—and a Business Continuity Institute report placing cyber attacks as the top risk for the next twelve months.

Key moments included a Bill Gates quote about under‑estimating long‑term change, and a Boston Consulting Group study showing that companies deemed resilient outperformed peers by 30% over three decades. Holay also warned that ransomware‑induced outages can push firms into administration, underscoring the real cost of inadequate preparation.

The takeaway for legal practitioners is clear: proactive leadership, robust governance, and a balanced risk‑management framework are essential. By aligning people, processes, and technology with business objectives—and speaking the board’s language—law firms can not only survive cyber incidents but also leverage them as opportunities for competitive advantage.