Get Started

Contact Us

Get In Touch

Fill out the form below and we will contact you shortly.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.


Cybersecurity: An Essential for Law Firms

Lawyers create and depend on a bond of trust with clients. Preserving and protecting clients’ sensitive personal information is an essential pillar for maintaining this trust. When a cyber-attack leads to a serious breach, the promise of confidentiality is at significant risk. The firm could be confronted with the loss of clientele, their professional reputation and significant liability.

Reports of cyber security breaches of law firms stay linked to the top of search engines results warning existing clients and deflecting potential new business. One leak can tarnish a firms’ reputation which could take years of energy and expense to repair.

According to a 2017 survey from The American Bar Association (ABA), 43% of law firms reported cybersecurity events while 23% were unsure. The ABA states that “clients are increasingly focusing on the information security of law firms representing them and using approaches like required third-party security assessments, security requirements, and questionnaires.”

Law firms need reliable cybersecurity frameworks to protect legal information, their clientele and their own liability.

These increasing cybersecurity liabilities have led some firms to implement measures to safeguard client information and adopt various security programs. However, less than one-third of law firms have planned to adopt full security assessments from independent third parties. Law firms need reliable cybersecurity frameworks to protect legal information, their clientele and their own liability.

Commonly Leaked Information

Cybercriminals leak information for one of two reasons: to profit or make a personal or political statement.

Targeted data in a breach can include:

  • Personal information: This data could include sensitive personal information such as social security numbers, tax identification numbers, legal issues, tax records and information that could potentially be used for blackmail and extortion.

  • Sensitive non-public information: This data could include internal financial projections, case information and credit worthiness data. 

  • Mergers & Acquisition information: This data could include confidential corporate information regarding proposed or pending mergers or acquisitions. Such leaks could be used for illegal stock trading, damage a transaction, impact the reputation of the law firms, affect the strategic plans of one or all companies and create significant liabilities.

  • Disclosed information between different parties. his data could include sensitive files, information, attorney client privileged documents gathered during discovery or other legal processes. 

  • Intellectual property. This data could include patents, trademarks, copyright and trade secrets, confidential negotiations details of certification processes, IP due diligence, and intellectual property claims. If such information was leaked to the public or stolen by a competitor it could erode the client’s competitive position and create potential liabilities.  

Cybersecurity Vulnerabilities 

The bigger the law firm, the higher the risk it has for a cyber attack

Consistently, law firms battle the threat of cyberattacks, which take a variety of forms. According to the ABA, the bigger the law firm, the higher the risk it has for a cyber attack. It is important for firm leadership to understand common cybersecurity threats and take steps to mitigate risk factors.

  • Phishing Scams.  59% of all email deliveries sent to law firms fall under the category of phishing/spam emails. Cybercriminals use phishing scams to fraudulently pose as a genuine client and wait for their victims to click a link or open a document. Within seconds, the cybercriminal has access to sensitive information and the cybersecurity of the lawl firm has been compromised.

  • Obsolete Technology: Existing computer systems, networks and software operated by law firms are often outdated and vulnerable to cyber security breaches. New technology alone is not the solution.. Strong cybersecurity posture requires expertise to integrate security, monitor and enforce compliance to protect your most valuable assets. 

  • Ineffective Third Party Risk Management: More than 60% of breaches are associated with third parties, while 80% of law firms do not have a process for third parties’ cybersecurity validation. 
  • Unauthorized Access: Vulnerable systems may allow attackers to gain remote access to the firm’s internal servers which result in confidential information being compromised. Law firms that lack information security procedures are exposed to a higher than average risk of cyberattacks.  

Cybersecurity Compliance Standards

The American Bar Association (ABA) has established cybersecurity and data protection ethical obligations for lawyers through formal opinion 477R, 482, and 483, as well as Model Rule of Professional Conduct 1.1. The top security practices include obtaining cyber liability insurance, undertaking formal data protection assessment and developing data breach plans. 

Cybersecurity Trends for Law Firms

  1. Compliance with New Regulations. Law firms and their clients must adapt to the plethora of new cybersecurity regulations and legislation in the US.

  2. Heightened Consumer Privacy. The legal field is anticipating and preparing for the enforcement of new consumer data protections by groups ranging from privacy commissions and industry regulators.

  3. Security & Cyber Attacks. The trend of increasing cybersecurity requirements is perhaps the most significant shift for how law firms interact with their clients. Law firms are transitioning their view of cybersecurity management from avoiding potential compliance issues to mitigating a substantial liability that could hurt or prevent them from serving their clients.

Headline Hacks 

As a high value target for cyber hacking, law firms need to establish cybersecurity as a priority.

In 2016, three Chinese citizens received criminal charges in the United States for obtaining confidential corporate information by hacking into the networks and servers of law firms working on mergers and acquisitions involving Intel Corp and Pitney Bowes Inc. 

The trio gathered inside information and placed trades in at least five business stocks based on data obtained from the law firms and profited by more than $4 million.

"This case of cyber meets securities fraud should serve as a wake-up call for law firms around the world: you are and will be targets of cyber hacking because you have information valuable to would-be criminals." 

- U.S. Attorney Preet Bharara in Manhattan (link). 

Reputation Matters and Cybersecurity Measures Can Protect It

Cybersecurity attacks on law firms has led many to implement measures to safeguard client information and adopt various data security programs. Cybersecurity is essential to protect law firms from threats posed by cyber-criminals who would seek to benefit from the sensitive non-public information in their custody.

CyLogic deeply understands the threats faced by law firms. When the Department of Defense (DOD) and Department of Homeland Security (DHS) required a framework for secure usage of cloud services for their sensitive data, they created FedRAMP - the world's most comprehensive and strict cloud security standard.  

CyLogic’s flagship offering, CyCloud, provides a secure enterprise cloud environment that delivers a higher level of security than any public cloud provider. Our team would be happy to discuss how we can assist you to mitigate the complex challenges faced by your law firm.

Related Posts