Legal industry urged to revisit cybersecurity protocols as attacks increase

SHERRY KARABIN
Legal Tech News
Published: September 5, 2025

No sector is immune from data breaches, but the legal industry is particularly vulnerable due to the sheer amount of confidential information processed and stored by institutions.
And statistics show cybercriminals are taking full advantage, launching more frequent and sophisticated attacks against law firms and other entities in the sector.
In an August 19 post on Legal Tech Daily (https://www.legaltechdaily.com/2025/08/when-legal-privilege-isnt-enough-cyber-threats-escalate-in-the-legal-industry/), journalist Rob Robinson says the increasing number of cyberattacks should serve as a wake-up call to legal professionals that system vulnerabilities must be addressed.
In his story entitled, “When Legal Privilege Isn’t Enough: Cyber Threats Escalate in the Legal Industry,” Robinson highlights some of the recent headline-grabbing incidents, underscoring the high cost of data breaches.
Robinson points to the massive cyberattack earlier this year on the law firm Kelley Drye & Warren, which led to a lawsuit in a New York state court accusing the firm of failing to adequately protect confidential information.
Initiated by a former employee of a Kelley Drye client after receiving notification of the breach in July, the suit alleges that the exposure of sensitive client and employee data such as social security numbers and driver’s license details resulted in an increase in phishing and scam attempts affecting those exposed.
Similar breaches have led to other firms facing substantial settlements, including Orrick, Herrington & Sutcliffe, which shelled out $8 million last year to settle claims involving over 600,000 compromised personal data records.
In addition to the cost, the incidents can substantially harm a firm’s long-term reputation.
In the wake of the growing number of threats, the judiciary is adopting new strategies to help keep data secure, said Robinson.
For example, federal districts, including Washington and Florida now require sensitive documents to be filed physically. While the change is considered temporary, it illustrates the severity of the challenges facing judicial systems.
It’s not only firms that are vulnerable, Robinson said the recent cyberattack on the Pennsylvania Attorney General’s Office reveals how government entities are also susceptible to intrusions that can compromise investigations and legal proceedings.
As institutions continue to fall prey to cyberattacks and other scams, safeguarding sensitive information must be a major priority, said Robinson.
He urges businesses in all sectors to institute a variety of measures to help avert attacks, including implementing proactive cybersecurity strategies, conducting regular security audits and employee training and instituting incident response plans.

[Back]

The Daily Legal News • 114 E Front St, Ste 100 • Youngstown, Ohio 44503 • Phone: 330-747-7777 • Fax: 330-747-3977