
A Top Legal Industry Trend You Must Follow: Law Firm Data Security

Samuel Hatton
February 08, 2023


It’s not if, but when – breaches in law firms with under 50 attorneys have doubled in recent years.

Key Takeaways:

  • Small and medium-sized law firms are most vulnerable to attack.
  • Smaller firms are prime targets because they lack cybersecurity policies, software, and training.
  • After a data breach, you can count on about 31% of your clients leaving.
  • The average cost of a data breach for smaller firms is $36,000. You could hire another secretary for that.
  • It’s only going to get worse as hacking evolves. You have to keep up to stay safe.

It’s the era of digital transformation, and law firms are no exception. Law firms have historically been slow to the party, but as attorneys and their staff see the benefits of the digital way of doing business, adoption has accelerated. While many law firms are seeing productivity increases and administrative cost savings from going digital, they’re also seeing one of the major challenges of a digital ecosystem: cybersecurity.

Confidentiality is a cornerstone of the legal profession. Attorney-client privilege can’t be breached. In the old days, bad actors in an office could steal or copy important documents. Today, cybercriminals lurking in all corners of the globe have set their sights on law firms, and their grubby little fingers are everywhere.

Law firms are prime targets for these hackers. The American Bar Association’s (ABA) 2021 Legal Technology Survey notes that 25% of respondents said that their firm had, at some time, experienced a data breach. Lawyers have ethical and common law obligations that require them to take measures to safeguard client information, as well as contractual and regulatory burdens. Cybersecurity can’t be an afterthought. Among the top trends shaping law firms today is cybersecurity. Let’s take a look.




Law firms and cybersecurity breaches: the cost

Cybersecurity breaches in law firms are costly in more ways than one. Money is the least of it. You could be paying the cost of reputational damage for years. Most attacks on law firms are of the ransomware variety, and the primary way this happens is through phishing emails. Client information is stolen and held by cybercriminals. They then demand a ransom, and if you don’t pay, you either don’t get your data back or it is released to the world at large. 

In 2020, a hack of celebrity law firm Grubman Shire Meiselas & Sacks led to a request for $42 million to prevent the release of stolen data. It was reported that they paid $365,000. The reputational damage is unknown, but it will likely show on annual balance sheets for some time. 

If you think that because your firm’s client list isn’t populated by the rich and famous, you aren’t vulnerable to a cyber attack, think again.

It’s clear that cybersecurity breaches are costly. There’s not just the cost of the ransom (if one is demanded). There’s the cost of cleaning up the mess, and the reputational costs can be catastrophic. We’ve said that hackers are increasingly targeting law firms, but why?

Cybersecurity breaches: Why your law firm is being targeted

Unfortunately, smaller firms are the most vulnerable to attack. Why? Hackers assume you have weak security. They also assume you have a “penny wise, pound foolish” philosophy. Cybersecurity is just too costly, right? Completely wrong. Look at what a single breach can cost you in terms of money and reputation, and unfortunately, your law license as well.

ABA Model Rule 1.6(c) says, “A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.” By not protecting client data to the best of your ability, you’re not only breaking a rule, but in some cases, you’re also breaking the law. California and New York have already enacted legislation to protect personal data, and other states can’t be far behind. 

A lack of even basic cybersecurity plagues smaller firms, and hackers are aware of this. They know:

  • They can get not only financial information but business strategies and proprietary information they can sell.
  • Law firms handle tons of valuable, sensitive information, and hacking a law firm is more efficient than hacking individual clients.
  • Law firms, especially small to medium-sized, are well known for having little or no cybersecurity.
  • Some of your clients may be harder to hack because they have better cybersecurity, which means you’re an easier target.
  • Remote working and associated devices that make your work more efficient are often neglected parts of a cybersecurity strategy and offer easy access.

Your law firm is vulnerable. Don’t doubt that. But are you one of the 17% of ABA survey respondents with absolutely no security policy or the 79% with no incident response plan? How about dropping into some security office hours to get best practices on data security?

How your law firm can protect its data

The first step to improving cybersecurity is a plan. Identify what needs to be secured (pretty much everything), then create and implement a data security policy. Most data security issues are caused by humans and caught by technology.

A 2022 report found that 82% of data breaches involve employees exposing information directly or through weak credentials, lost or stolen devices, clicking a link in a phishing email… The list goes on. You and your staff are both your first line of defense and your weakest link, so cybersecurity end-user training is crucial to your firm.

Of course, you’ll also need antivirus software, email protection, firewalls, vulnerability scans, data encryption, and many other security enhancements to be fully protected. Is your head spinning yet?

Cybersecurity is a complex, ever-evolving technological discipline. Cybercriminals are becoming ever more sophisticated. Do you or anyone on your staff have the time to constantly keep up with this evolution in cybercrime? The biggest question is, can you afford a data breach in your law firm? That answer, of course, is a resounding no.

The simplest, most cost-effective protection comes from professionals. At Endsight, we’re industry leaders in cybersecurity. Year after year, we’ve won a CRN Managed Service Provider 500 award in the Security 100 category. 

We offer complete cybersecurity protection and a variety of plans. We’re your total technology support solution to create optimal IT management and human-friendly technical support for small and medium-sized law firms throughout California and Hawaii. 

You and your firm are experts when it comes to the law – and that’s a good thing. You work hard to do your best for your clients, and at Endsight, we do, too – so you can focus on your expertise and let us worry about protecting your law firm’s digital data.

We’re experts in cybersecurity, and this cyber-sophisticated world requires cyber expertise. Endsight’s core values bring not only peace of mind when it comes to data protection but also an honest partnership, commitment to your long-term success, and unparalleled, dependable service. Reach out today.

