Why Law Firms are Vulnerable to a Cyberattack

Our insurance carriers say lawyers are now the top sector targeted by threat actors. Of course, law firms are no strangers to threats from cybercriminals, but the nature of this threat has changed over time. Cybercrime was primarily an end-user problem in the past, with hackers seeking to steal financial information.

Today, the danger has shifted: instead of stealing data, criminals are using malware attacks on legal practices to gain access to sensitive legal information.

Why Hackers Target Law Firms

Cyber breaches increasingly plague legal offices of all sizes for various reasons. However, law firms remain targets due to the amount, type, and organization of information stored in law firms’ systems and the amount of money that moves through them for litigation and transactions.

In addition, the number of lawyers working remotely is increasing, and threat actors are constantly updating and improving their attacks. Though threats continue to evolve, the most successful exploits are not new, just refined.

Cybercrime has been labeled the number one threat to these businesses. The American Bar Association reports that lawyers are increasing their use of enhanced security measures and cyber liability insurance policies to safeguard against cyber threats.

A report by Law360 Pulse revealed a spike in breaches of firms under 50 lawyers in 2021. Breaches rose from 33 in 2020 to 68 in 2021, an increase of more than 100%, and 106 out of 116 breaches occurred due to hacking, phishing, or malware.

Carriers Acknowledge Growing Risk

According to reports from insurance carriers, threat actors are obtaining and leaking sensitive data, whether it’s class action lists, divorce settlements, or other vulnerable client information, leading to extreme extortion demands far higher than in any other industry.

Consequently, legal services providers are more inclined to pay ransom demands because of possible reputational and legal repercussions.

Law Firm Cyber Attack Statistics:

  • According to one insurance carrier, the six most significant ransomware claims in the past 12 months involved professional service firms, exceeding $5 million in costs.
  • Cybercriminals are widely known to make extortion demands of law firms that are more than five times those in any other industry.
  • Professional service firms make up only 14% of the businesses in the US but make up over 25% of ransomware attacks.
  • Due to inadequate security measures, most ransomware attacks are on small and medium-sized firms.

Importance of Safeguarding Your Firm

Ransomware threats are on the rise on so many fronts that it’s no surprise cyber insurance rates have increased too, reportedly by between 30% and 150% on average and, in rare cases, by up to 500%.

So, in addition to tightening rates and capacity, underwriters are looking at how companies maintain their cybersecurity, with most insurance carriers requiring Multi-Factor Authentication (MFA) on all fronts: email, remote access, and privileged users. In some cases, insurance carriers are starting to deny renewal coverage to companies that don’t have MFA.

In addition, some carriers are adding a minimum 20% ransomware coinsurance provision to their coverage proposals.

For this reason, we recommend you consider putting in place the proper safeguards to prevent a cyberattack. In addition to reducing the risk of cybercrime at your firm, it is also wise to ensure your firm has the right level of insurance protection against an attack.

Cyber Insurance for Law Firms

Cyber insurance can help protect organizations from the financial impacts of a cyber attack. For law firms, this can include coverage for costs associated with responding to a breach, such as hiring a forensic investigator to identify the extent of the damage and the source of the attack.

Additionally, it could cover the cost of notifying affected customers and legal fees that may be incurred. Cyber insurance policies also often provide access to a network of experts and resources that can help a legal firm respond to a breach.

For example, many policies include access to a team of cyber response specialists, such as forensic investigators and public relations experts. These specialists can help the firm launch an effective response plan.


In conclusion, law firms face mounting cybersecurity risks as lucrative targets for cybercriminals. The sensitive client information and funds they handle make the legal sector vulnerable to attacks aimed at theft and disruption. Remote work arrangements precipitated by the pandemic have also enlarged the attack surface and exposed new weak points that can be exploited.

Cyber insurance can financially offset costs from notifications, legal services, PR, and business interruption resulting from an attack. However, technology and insurance must work hand-in-hand with training to create a culture of security awareness. Lawyers and support staff should adhere to best practices around passwords, phishing identification, multi-factor authentication, and incident reporting. With persistent vigilance and a multilayered approach, law firms can mitigate risks and demonstrate resilience in the face of increasing cyber threats.

Take Action to Safeguard Your Legal Firm

Find out how Mason-McBride can protect your law firm from the threat of cyber attacks – request a proposal.

Article By Jamie Parry
