Bridgeway Insights

Why legal firms are attractive targets for cyber criminals

Why legal firms are attractive targets for cyber criminals

Posted by Louisa Mackintosh 16 January 2020

All organisations are targets for cyber attacks. But law firms are being targeted more and more by criminals. Why is this?

Legal firms need to exchange sensitive information with their clients and other stakeholders on a daily basis. This information is not only valuable but often restricted in nature. It ranges from Personal Identifiable Information (PII) to confidential client data and even trade secrets. Be it personal information surrounding divorce, or custody cases, corporate data concerning mergers and acquisitions of businesses, or Intellectual Property, the amount of critical data being held in any given law firm is vast.  As a result, the legal industry as a whole is a high-value target for cyber criminals. 

Also there's a lack of any clear set of regulations focused around data protection and security mitigation planning. As a result, many law firms are slow in developing focused cyber security policies and best practices. Therefore, not only are they easier to penetrate, but the organisations can then be slow to respond as contingency plans are thin on the ground, sometimes non-existent. If successful, these attacks can have detrimental consequences.


Lawyers and law firms are seen as trusted advisors to their clients.  A cyber attack could not only rip apart this trust but also sully their reputation, and often within the public eye. An attack can also embarrass a client, be it an individual or a corporate one, if particularly sensitive data is leaked. 

In addition to breaking that trust and relationship and being a complete PR disaster, an attack will have legal and ethical implications that can be devastating.  Protection of data, complete confidentiality and security is paramount. If these disappear, so do the clients, fast. The worst case scenario is law suits being filed due to legal or ethical contraventions. All of these lead to lost business, lower profits and loss of reputation. 

As with any industry, a cyber attack is something the legal sector would like to avoid. Being such a high value target, legal firms need to think about the security challenges they are currently facing, and put strategies in place to overcome them. 

Find out more about the Cyber Security challenges facing the Legal industry in our latest E-book: Cyber Security Challenges in the Legal Sector

Download E-book