How Law Firms Can
Cut the Rising Costs of Cyber Incidents

In our global, digital-first economy, cyberattacks are no longer isolated incidents targeting large organizations. They are a very real threat to businesses of all types and sizes, and law firms are a common target of cyber criminals.  

What often gets underestimated is the cost of recovering from a cyber attack. The financial, operational, and long-term costs can be staggering and, in many cases, business ending. 

The American Bar Association (ABA) reports that 42% of law firms with 100 or more employees have experienced a data breach. It is not difficult to see why law firms are often a target for cyber crime. The information collected by firms – from trade secrets, intellectual property, merger and acquisition details to personally identifiable information and attorney-client privileged data – is particularly attractive to cyber criminals. 

The cost of these attacks? For all organizations, it is the highest it has ever been. An IBM report found the global average cost of a data breach in 2024 was $4.8 million – a 10% increase over last year and the highest total ever. For professional services organizations (including legal, accounting, and consulting firms), the cost of a data breach is even higher, totaling $5.08 million. When it comes to cyber attacks specifically within the legal industry, it is not a matter of if, but when.  

This guide is meant to help law firms better safeguard their data, fortify their systems, and importantly, mitigate the cost of cyber attacks. Today, law firms must invest in both protecting themselves against cyber crime and preparing for an inevitable attack. These recommendations serve as a starting point for developing a solid strategy, but it is most important to see these as moving targets. As technology innovation accelerates, law firms will need to continuously adapt.