RiskLens is the leader in cyber risk quantification software and services.
With databases filled with records on PII, IP and highly sensitive corporate documents, accountants, attorneys, engineers and other professional firms are increasingly targeted by cyber criminals. In the American Bar Association’s 2021 Legal Technology Survey Report, 25% of the respondents said their law firm had been breached at some time. The report also found that many law firms “are not using security measures that are viewed as basic by security professionals.”
Estimate of Probable Costs from a Ransomware Attack on a Professional Services Firm of Bansley & Kiener’s Size
For the purposes of analysis, let’s consider Bansley & Kiener’s cyber incident a ransomware attack. The firm’s announcement letter to clients in December 2021 said that an attacker encrypted some systems in December 2020; the firm restored from backup but learned in May 2021 that information on 274,000 persons had been exfiltrated.
Using the RiskLens My Cyber Risk Benchmark tool, we can estimate the effect of a ransomware attack on a professional services organization of Bansley & Kiener’s size:
The authoritative 2022 Verizon DBIR reports that the Professional Services industry category was hit with 681 data breaches in 2021, placing it slightly below Finance for the second-worst record among 21 industries surveyed.
The RiskLens data science team estimates risk for companies in an industry category based on the cyber events history plus a wide range of parameters such as revenue, number of employees and number of database records.
In RiskLens modeling (shown in the charts below):
Adjusting the parameters on the My Cyber Risk Benchmark tool gives clues on how to reduce cyber loss exposure.
For instance, reducing the number of records in a database while leaving the other settings the same for a professional services company shows a big improvement for a ransomware event.
To rate security posture, the Benchmark tool incorporates grading by SecurityScorecard. Here’s how the annual probabilities of a ransomware attack go up for a professional services firm as security grades go down, suggesting the value of controls investments.