Should lawyers outsource cyber security?

I recently came across an interesting article titled “The Importance of Cybersecurity to the Legal Profession and Outsourcing as a Best Practice – Part One.”  The author, Ralph Losey, suggests that:

[c]ybersecurity should be job number one for all attorneys. Why? Because we handle confidential computer data, usually secret information that belongs to our clients, not us. We have an ethical duty to protect this information under Rule 1.6 of the ABA Model Rules of Professional Conduct. If we handle big cases, or big corporate matters, then we also handle big collections of electronically stored information (ESI). The amount of ESI involved is growing every day. That is one reason that Cybersecurity is a hard job for law firms. The other is the ever increasing threat of computer hackers.

One solution suggested by the author is “outsource e-discovery data possession and cybersecurity of large collections of client data to trusted professionals.”

I have previously written about my thoughts on the issue of data control when outsourcing and some key questions to ask if you choose to outsource firm and client information (here).  Done properly, outsourcing cyber security issues can be effective in protecting firm and client information.

Mr. Losey’s article is worth a read and I’m looking forward to the remaining article in the series.

What are your thoughts on outsourcing cyber security for firm and client information?