Adding it All Up: Data Protection in the Professional Services Industry

When businesses or individuals have a problem, they turn to the professional services industry for a solution. Consultants, lawyers, marketing professionals, and other experts know how to help their clients navigate challenges and achieve success. However, without their clients’ trust, professional service organizations could struggle to deliver their best work. A data breach could break even the strongest relationships between professional services organizations and the clients they serve. In a recent survey from PWC, 70% of businesses indicated that they believe data protection and cybersecurity is a foundational element of trust.

The professional services industry continues to be a target of data breaches, as they often store large amounts of sensitive data about their clients and employees. The 2021 Shred-it Data Protection Report found that more than half of professional services organizations surveyed have experienced a data breach at some point, and 40% surveyed experienced a data breach in the past year. According to Verizon’s Data Breach Investigations Report, this amounts to nearly 1,900 confirmed data breach incidents in 2021.

Professional service firms can suffer both reputational and financial damages when managing a data breach. According to IBM’s 2021 Cost of a Data Breach Survey study, the average cost of a data breach in the professional services industry in 2021 was $4.65 million, a nearly 8% increase from 2020. In fact, data breaches in the professional services industry are more expensive than the global average cost of a data breach.

According to the 2021 Shred-it Data Protection Report, one of the larger risks to protected data in the professional services industry is the use of third-party vendors, such as software and financial providers. Forty-one percent of professional services leaders surveyed indicated that sharing data with third parties was a significant information security risk.

According to the 2021 Shred-it Data Protection Report, professional services leaders surveyed are also concerned about the risk of physical data breaches. Compared to organizations in all other industries surveyed, professional services companies were the most concerned about employees leaving confidential information on their desks. Despite this finding, just 56% of professional services firms surveyed have information security policies in place, such as a clean desk policy, which would require employees to store or shred confidential information every time they leave their desk. Additionally, only 1 in 4 professional services companies surveyed use a paper shredding service.

While some professional services organizations could improve their physical data protection strategies, they are more likely than organizations in the finance, real estate, and insurance industries to have regular infrastructure audits. Additionally, 7 in 10 professional service firms surveyed will seek help from a third-party expert to improve their security practices.

Protecting sensitive client data helps professional services workers do what they do best: help their clients reach their goals. To learn more about data protection in the professional services industry, download our Data Protection Report infographic and visit our legal services page.