Stats & Trends
The Barkly Team
May 2018

Law Firm Cybersecurity in 2018: Attacks and Audits Add Up


Photo by Joe Gratz

With cyber attacks increasing, the pressure is on for law firms to show that they're properly safeguarding their clients' information.

Malware and data breaches have become an immediate concern for organizations of all sizes, across all industries, but law firms have found themselves to be particularly susceptible. 

According to a CNA Professional Counsel bulletin, roughly 80 percent of the largest firms in the United States have experienced a malicious breach. In 2016 alone, the IT consultancy Logicforce detected more than 10,000 network intrusion attempts per day across just 200 law firms. The same study classified 59 percent of all email directed at the firms as phishing or spam, messages aimed at credential theft, ransomware delivery, or "CEO fraud" wire-transfer scams.

Corporate clients want to feel reassured the law firms they're engaged with are prepared to repel and withstand these kinds of attacks. As such, IT security and data management audits are increasingly being treated as prerequisites to doing business.

48% of law firms had their data security practices audited by at least one corporate client in the past year.

Logicforce

As Logicforce frames it in the company's Q4 2017 Law Firm Cyber Security Scorecard, "These corporate audits will continue to increase in volume and complexity, basically leaving law firms with no choice but to comply or lose their business, similarly to the way law firms begrudgingly complied with the corporate demand for alternative fee arrangements, which are now the industry norm."

In this post, we'll explore why firms of all sizes are experiencing more cyber attacks, how the costs associated with those attacks are rising, and what firms can do to better protect their data, their reputation, and their clients.


Why are law firms a target for cyber attacks?

Legal firms are desirable targets for three primary reasons:

  1. They house valuable, confidential data: The vast majority of cyber attacks are conducted for financial gain, whether that's achieved by extorting payment via ransomware, or by accessing private data and monetizing it. Law firms are rich in valuable data in the form of trade secrets, intellectual property, and information regarding prospective business deals. In one 2016 incident, attackers hit several well-known M&A firms with more than 100,000 attacks over just three months and made more than $4 million trading on the stolen deal information.

  2. They have money: While ransomware has popularized digital extortion by locking down victim files and holding access to them ransom, plenty of cybercriminals still treat attacks like traditional heists and go straight for the cash. Exhibit A: A firm in Toronto saw a six-figure sum stolen from its trust account after a Trojan captured the firm's online banking credentials. Exhibit B: Last August, a firm that had just settled a wage-and-hour class action was duped into wiring the half-million-dollar settlement to a scammer by a phishing email crafted to look like it came from the case administrator.

  3. They’re not prepared: Despite the growing threat, the vast majority of firms lack the proper policies, procedures, and precautions to constitute a proper defense. According to the Logicforce Q4 2017 Law Firm Cyber Security Scorecard, 62% of law firms do not have a dedicated information security professional, less than a third have formal cyber security training programs, and only 41% have formally documented cyber security policies.  

It’s not just the big firms

The NotPetya attack on global firm DLA Piper made headlines around the world last summer when it crippled the firm’s Washington, DC office and put roughly 3,600 attorneys and support staff across 40 countries on lockdown. The incident and related recovery efforts lasted for weeks, during which time telephone service, email, and other vital systems were all affected. In total, it was estimated the attack cost the firm millions in downtime, lost business, and bad publicity.

While the headlines tend to focus on attacks on big firms, that's not to say attacks on smaller firms aren't taking place — only that they're going underreported. Last year's attack on Moses Afonso Ryan, a 10-attorney firm in Rhode Island, is a good example that helped shed light on the amount of damage and disruption malware can trigger inside small practices. It, too, garnered news coverage, but only after the firm sued its insurance company for failure to pay its claim for lost business.

Hit with ransomware, the firm had trouble acquiring the cryptocurrency needed to pay. By the time it finally paid the $25,000 ransom, the attackers' deadline had passed, and the files remained encrypted. The incident left all 10 attorneys at the firm unable to bill a single hour for three months, resulting in $700,000 in lost business.

The cost of malware is mounting for law firms

A recent study from the Ponemon Institute estimates the average cost of a successful malware attack has reached $5 million. But the reality is, most law firms have no idea what such an event might cost. Nearly three-fourths of firms have not assessed the potential cost of an internal data breach and 62% haven’t estimated lost revenue.

Ponemon has also pegged the cost of a breach at $141 per record. Considering that even a small firm might hold thousands of client records, it's easy to see how the cost can escalate quickly, and that is before counting the downtime a malware incident causes.

Every minute spent unable to access critical records is time law firms can't bill for. Downtime from malware equates directly to lost money.

In addition, reputation damage can be substantial. Just ask the Panamanian firm Mossack Fonseca, whose involvement in the now-famous Panama Papers leak “resulted in unwelcome publicity to the firm and its international clients, whom the Panamanian lawyers had apparently helped set up offshore entities to evade their respective countries’ income taxes on eye-popping wealth,” according to a report.

However, firms don’t even need to experience a breach to suffer damages. A class action suit against the Chicago firm Johnson & Bell alleges that the firm committed malpractice by failing to maintain adequate cybersecurity standards. According to the federal complaint, “Johnson & Bell has injured its clients by charging and collecting market-rate attorney’s fees without providing industry standard protection for client confidentiality.” The suit alleges class representatives were damaged by the risk that their information could be compromised, pointing out that no information was actually compromised.

5 things law firms can do now to improve their cybersecurity

With mounting evidence pointing toward the growing risk, it's imperative for law firms to move quickly to step up their defenses. As Logicforce confirms, "Law firms can only expect to be held to an increasingly higher standard of data security if they want to continue to do business with their existing, as well as prospective, corporate clients in the future."

The good news is there are several clear, practical steps firms can take that can yield immediate results:

  1. Explore a new solution that improves on antivirus: In the majority of successful attacks, AV and other protections were in place, yet they failed to stop the malware. That's because the ways attackers package, deliver, and deploy malware have evolved to evade signature-based AV detection. To keep up, law firms need to investigate a newer endpoint protection solution like Barkly, which is designed to block malware along with the underlying malicious behaviors and exploit techniques attackers rely on. As a result, Barkly blocks infections regardless of their source and stops them in real time, before any damage is done.


  2. Establish formal policies: According to Logicforce, only 43 percent of firms have formally documented cybersecurity policies, incident response plans, or backup and restoration procedures. Establishing these policies is critical for creating a foundation which you can build on through execution, training, auditing and more.

  3. Make cybersecurity training mandatory for employees: Fewer than a third of firms have mandatory training for employees. This is low-hanging fruit. Your employees are a crucial line of defense against suspicious emails — the most common attack vector. There’s no reason not to train them to work smarter and be on the lookout for scammers.

  4. Scan your own perimeter to see what's exposed: Email may be the most common way attackers get malware onto victim systems, but there's another well-worn path that arguably gives attackers even easier access: scanning the Internet for hosts exposing Remote Desktop Protocol (RDP), virtual network computing (VNC), or other remote administration services, then brute-forcing weak credentials on those services or exploiting them to get onto the firm's servers. IT teams should use tools like Nmap or masscan to scan the firm's public address ranges from outside its own network (an internal scan shows what's reachable internally, not what the Internet sees), and check Shodan, which indexes the results of its own continuous Internet-wide scans, for anything already catalogued under the firm's IP space. Any remote administration service found should be moved behind a VPN or restricted to known source addresses, not merely patched. Attackers are already scanning you, so it's well worth taking a few minutes to see your network through their eyes.

  5. Tap into available resources: The American Bar Association offers a comprehensive cybersecurity guide for law firms, which includes both prevention and response tactics. 
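The perimeter check described in step 4, as an added worked example (this is not Barkly's or Logicforce's code). It assumes the services run on their default ports, and the nmap output it parses is a constructed sample in the grepable (-oG) format, using TEST-NET-3 addresses rather than a real firm's ranges. The `tcp_open` helper is for a quick look at a single host when nmap is not at hand; the parser is for the full sweep.

```python
"""Exposure check for remote-administration services (RDP, VNC, SSH, WinRM, Telnet).

Run it against your own public address ranges only, from outside your network.
Two pieces:
  1. a minimal TCP connect check (no nmap needed) for a quick look at one host
  2. a parser for nmap grepable output (-oG) that flags exposed admin ports
"""
import re
import socket

# Ports attackers sweep for first. Port -> label. Assumption: default ports;
# adjust if your firm runs these services elsewhere.
REMOTE_ADMIN_PORTS = {
    22: "ssh",
    23: "telnet",
    3389: "rdp",
    5900: "vnc",
    5901: "vnc",
    5985: "winrm-http",
    5986: "winrm-https",
}


def tcp_open(host, port, timeout=1.0):
    """True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def scan_host(host, ports=REMOTE_ADMIN_PORTS, timeout=1.0):
    """Return {port: label} for every watched port that accepts connections."""
    return {p: label for p, label in ports.items() if tcp_open(host, p, timeout)}


# nmap -oG host lines look like (fields separated by tabs):
# Host: 203.0.113.2 ()<TAB>Ports: 22/open/tcp//ssh//OpenSSH 7.4/, 3389/open/tcp//ms-wbt-server///<TAB>Ignored State: ...
_HOST_RE = re.compile(r"^Host:\s+(\S+)")
_PORTS_RE = re.compile(r"Ports:\s+(.*?)(?:\t|$)")


def parse_nmap_grepable(text, watch=REMOTE_ADMIN_PORTS):
    """Parse `nmap -oG` output; return {host: [(port, label), ...]} for open
    TCP ports in the watch list. Hosts with nothing exposed are omitted."""
    findings = {}
    for line in text.splitlines():
        m_host = _HOST_RE.match(line)
        m_ports = _PORTS_RE.search(line)
        if not (m_host and m_ports):
            continue  # comment lines and "Status: Up" lines carry no ports
        host = m_host.group(1)
        for entry in m_ports.group(1).split(","):
            # entry layout: port/state/proto/owner/service/rpc/version/
            fields = entry.strip().split("/")
            if len(fields) < 3:
                continue
            port, state, proto = fields[0], fields[1], fields[2]
            if state == "open" and proto == "tcp" and int(port) in watch:
                findings.setdefault(host, []).append((int(port), watch[int(port)]))
    return findings


# Constructed sample (TEST-NET-3 addresses), in the shape produced by:
#   nmap -Pn -p 22,23,3389,5900,5901,5985,5986 -oG - 203.0.113.0/29
SAMPLE_NMAP_OUTPUT = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 203.0.113.2 ()\tStatus: Up\n"
    "Host: 203.0.113.2 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.4/, "
    "3389/open/tcp//ms-wbt-server///, 5900/closed/tcp//vnc///\tIgnored State: filtered (4)\n"
    "Host: 203.0.113.3 ()\tPorts: 443/open/tcp//https///, 5985/open/tcp//wsman///"
    "\tIgnored State: closed (5)\n"
    "Host: 203.0.113.4 ()\tPorts: 80/open/tcp//http///\tIgnored State: closed (6)\n"
    "# Nmap done (constructed sample)\n"
)


def report(findings):
    """One summary line per host with an exposed admin service."""
    lines = []
    for host, services in sorted(findings.items()):
        exposed = ", ".join(f"{port}/{label}" for port, label in services)
        lines.append(f"{host}: exposed remote admin -> {exposed}")
    return lines


if __name__ == "__main__":
    # Offline demo on the constructed sample; for a real sweep, save nmap's
    # output with -oG scan.gnmap and pass open("scan.gnmap").read() instead.
    for line in report(parse_nmap_grepable(SAMPLE_NMAP_OUTPUT)):
        print(line)
```

In the sample, the web-only host (203.0.113.4) drops out of the report, while the host with SSH and RDP reachable and the host with WinRM reachable are flagged; those are the ones to move behind a VPN or a source-address allow list before an attacker's scanner finds them.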

To learn how Barkly helps law firms improve their cybersecurity with stronger protection that's easier to manage, visit

The Barkly Team

Providing the latest security alerts and updates with context that makes them useful.
