Why Law Firms are Vulnerable to a Cyberattack

According to our insurance carriers, lawyers are now the top sector targeted by threat actors. Of course, law firms are no strangers to threats from cybercriminals, but the nature of this threat has changed over time. Cybercrime was primarily an end-user problem in the past, with hackers seeking to steal financial information.

Today, the danger has shifted-instead of stealing data, criminals are using malware attacks on legal practices to gain access to sensitive legal information.

Why Hackers Target Law Firms

Cyber breaches increasingly plague legal offices of all sizes for a variety of reasons. Due to the amount, type, and organization of information stored in law firms’ systems, as well as the amount of money that moves through them for litigation and transactions, law firms remain targets.

In addition, the number of lawyers working remotely is increasing, and threat actors are constantly updating and improving their attacks. Though threats continue to evolve, the most successful exploits are not new, just refined.

Cybercrime has been labeled the number one threat to these businesses. The American Bar Association reports that lawyers are increasing their use of enhanced security measures and cyber liability insurance policies to safeguard against cyber threats.

A report by Law360 Pulse revealed a spike in breaches of firms under 50 lawyers in 2021. From 33 breaches in 2020 to 68 breaches in 2021, an increase of more than 100%, and 106 out of 116 breaches occurred due to hacking, phishing, or malware.

Carriers Acknowledge Growing Risk

According to reports from insurance carriers, threat actors are obtaining and leaking sensitive data, whether it’s class action lists, divorce settlements, or other vulnerable client information leading to extreme extortion demands far higher than in any other industry.

Consequently, legal services providers are more inclined to pay ransom demands because of possible reputational and legal repercussions.

Law Firm Cyber Attack Statistics:

  • According to one insurance carrier, the six most significant ransomware claims in the past 12 months all involved professional service firms, exceeding $5 million in costs.
  • Cybercriminals are widely known to be demanding more than five times the extortion demand from law firms than in any other industry.
  • Professional service firms make up only 14% of the businesses in the US but makeup over 25% of ransomware attacks.
  • Due to inadequate security measures, most ransomware attacks are on small and medium-sized firms.

Importance of Safeguarding Your Firm

Ransomware threats are on the rise on so many fronts that it’s no surprise cyber insurance rates have increased too, reportedly between 30 to 150% on average and rare cases up to 500%.

So, in addition to tightening rates and capacity, underwriters are looking at how companies maintain their cybersecurity, with most insurance carriers requiring Multi-Factor Authentication (MFA) on all fronts; email, remote access, and privileged users. In some cases, insurance carriers are starting to deny renewal coverage to companies that don’t have MFA.

In addition, some carriers are adding a minimum 20% ransomware coinsurance provision to their coverage proposals.

For this reason, we recommend you consider putting in place the proper safeguards to prevent a cyberattack. In addition to reducing the risk of cybercrime at your firm, it is also wise to ensure your firm has the right level of insurance protection against an attack.

Cyber Insurance for Law Firms

Cyber insurance can help protect organizations from the financial impacts of a cyber attack. For law firms, this can include coverage for costs associated with responding to a breach, such as hiring a forensic investigator to identify the extent of the damage and the source of the attack.

Additionally, it could cover the cost of notifying affected customers and legal fees that may be incurred. cyber insurance policies also often provide access to a network of experts and resources that can help a legal firm respond to a breach.

For example, many policies include access to a team of cyber response specialists, such as forensic investigators and public relations experts. These specialists can help the firm launch an effective response plan.


In conclusion, law firms are increasingly becoming targets for cybercriminals due to the sensitive legal information they possess and the amount of money they handle. Remote work has also made it easier for threat actors to launch attacks.

The American Bar Association reports that attorneys are increasing their use of enhanced security measures and cyber insurance coverage to safeguard against cyber threats. Cyber insurance can help protect legal firms from the financial impacts of a cyber attack. This includes coverage for costs associated with responding to a breach, notifying affected customers, and legal fees.

Take Action to Safeguard Your Legal Firm

Find out how Mason-McBride can protect your law firm from the threat of cyber attacks – request a proposal.

YouTube video

For helpful tips on other popular topics, check out articles on:

Article By Jamie Parry

Request Your Proposal Here

Are you ready to save time, aggravation, and money? The team at Mason McBride is here and ready to make the process as painless as possible. We look forward to meeting you!