The Business Litigation Blog

Law Firm Silence over Cybersecurity Threats is Frustrating – and Dangerous

Data breaches and “hackings” of various companies have become a recent and regular staple of news agencies over the past few months. Home Depot and Target are just two of the many companies that have been the targets of recent cyberattacks. These cyberattacks can range from annoying to menacing and can result in the exposure of the private financial or personal data of millions of individuals. This can result in serious financial harm to individuals and companies alike.

One industry that is especially vulnerable to cyberattacks – and one that has resisted transparency concerning data breaches and other hacking incidents – is the legal industry. This has led a recent Citigroup report to expose the cyberthreats faced by big law firms and the problem this can pose to law firm clients, especially banks.

The Problem Faced by Big Law Firms

The Citigroup report warned its employees that law firms were choice targets for cyberattacks due to the highly confidential digital information stored by these organizations. A leak or data breach can expose the personal and financial information of large corporate clients such as Citigroup and other financial institutions. This, in turn, can lead to serious financial losses by these entities.

To make matters worse for law firm clients, the Citigroup report indicated that law firms are particularly hesitant to disclose when a data breach occurs. The law firm may view the fact that they have been hacked as a “badge of shame” and attempt to cover up the fact that a breach occurred. This makes it difficult to track trends and develop procedures and safeguards to prevent future data breaches.

Law Firms and Other Professionals Need to Reform Their Ways

The Citigroup report goes on to note that some law firms have begun taking positive steps to address the threat of data breaches. One step that may seem obvious but that is still not widely practiced amongst law firms involves acknowledging and reporting the fact that a data breach has occurred. By reporting a data breach to its clients, law firms provide their clients with an opportunity to mitigate any harm the data breach may cause. Not only this, but prompt reporting of the breach can help law enforcement agencies investigate the breach and find the responsible party. Finally, reporting a data breach can help cybersecurity companies track trends and design more secure solutions for law firm data.


The problem that the Citigroup report highlights is not limited to law firms; instead, many professional firms that routinely deal with sensitive client information are finding themselves at risk for data breaches and cyberattacks. These organizations do their reputations and their clients a great disservice by trying to keep data breach incidents hidden. Instead of viewing cyberattacks as a shameful failure, firms ought to work with their clients and law enforcement agencies by promptly reporting these incidents and cooperating with them in investigating the incident and addressing any resulting harm.

Do you have questions about legal liability after a cyberattack? Reach out to us today for advice at 312.223.1699.

Post a comment

Comments closed

Real Time Web Analytics