Best Practices for Cyber Incident Prevention for Law Firms

This is Part 1 of a 2-part series titled The Complete Guide to Reducing Cyber Incident Response Costs in the Legal Industry.

In our global, digital-first economy, cyberattacks are no longer isolated incidents targeting large organizations. They are a very real threat to businesses of all types and sizes, and law firms are a common target of cyber criminals. It is not difficult to see why. The information collected by firms – from trade secrets, intellectual property, and merger and acquisition details to personally identifiable information and attorney-client privileged data – is particularly attractive to cyber criminals.

The American Bar Association (ABA) reports that 42% of law firms with 100 or more employees have experienced a data breach. What often gets underestimated is the cost of recovering from a cyber attack. A recent IBM report found the global average cost of a data breach in 2024 was $4.8 million – a 10% increase over last year and the highest total ever.  

How can law firms better safeguard their data and fortify their systems to help prevent cyber attacks from occurring?  There are three primary areas law firms can focus on to safeguard against cyber threats. 

1. Firmwide Best Practices

One step is to create clear policies for employees and contractors to follow when using communications. Many law firms are doing this. As of 2024, the share of law firms with policies in place to govern employee behavior was as follows:

  • 55% – Email use
  • 51% – Internet use
  • 50% – Computer acceptable use
  • 50% – Remote access
  • 44% – Social media
 

 Source: ABA 

There are several technical ways to strengthen your firm’s defense against threats.

  • Control network access by establishing clear permissions and limiting entry points to critical systems. The security boundary should be as small and as controlled as practical to minimize the attack surface available to hackers.
 
  • Set up firewalls to act as a first line of defense that can block unauthorized access and help monitor incoming and outgoing traffic.
 
  • Use multifactor authentication (MFA) to add an extra layer of protection. This requires users to validate their identity through a second source, such as a code or biometric scan. (Although it is a free service, the ABA reports that only 54% of firms have MFA in use.)
 
  • Apply network segmentation to enhance security by dividing the network into smaller sections, helping to contain potential breaches and minimize damage.
 
  • Put active threat intelligence and regular vulnerability testing into place.

2. Employee Best Practices

According to Verizon’s 2025 Data Breach Investigations Report, 68% of all breaches involve human error, from phishing clicks to misconfigured security settings. Employees must be educated in how to maintain good digital hygiene.  

Integreon’s Chief Technology Officer, John Wei, agrees. “Defending against cyber threats requires a highly collaborative approach, involving not just a select few cybersecurity professionals, but everyone across the organization,” says Wei.

Here are just a few important habits that should be included in your new hire onboarding and ongoing employee education efforts. 

  • Avoid reusing passwords across multiple accounts to minimize the risk of unauthorized access.
 
  • Limit device access to only trusted individuals. Sharing devices with others can expose sensitive information.
 
  • Use only secure Wi-Fi networks to help prevent potential security breaches and unauthorized access to personal and other data.
 
  • Report any suspicious email activity, as phishing emails can be extremely sophisticated. According to an FBI report, cybercriminals stole approximately $2.9 billion through business email compromise (BEC) frauds, with law firms among the most common targets.

3. Detection and Response Automation Best Practices

Detection and response automation is revolutionizing how firms address cybersecurity threats. In fact, according to IBM, AI-driven security automation saves companies $2.2 million per breach by cutting response times and improving containment.  

Security Information and Event Management (SIEM) platforms can monitor and analyze log data from various systems. These systems detect suspicious activity in real time and allow teams to quickly mitigate risks. 

  • Automated incident response tools take this a step further by eliminating the delays that come with manual intervention. If a threat is detected, these tools can immediately isolate compromised systems, block malicious traffic, or trigger other predefined actions to contain and neutralize the risk.
 
  • Machine learning-based security solutions further enhance detection capabilities, leveraging AI to identify advanced threats and anomalies. These systems learn over time, adapting to the normal behavior of a network and flagging deviations that could indicate a breach.
 

In the second blog of this two-part series, we will discuss how to control cyber incident costs once a cyber attack has occurred.
