Thursday, July 8, 2021 Law firms have recently become prime targets for cybercriminals seeking to steal, expose, sell, or otherwise extort confidential information. Both the digitalization of law firms’ sensitive documents and the increase in means available to perpetrate an online crime exacerbate these risks. Law firms encounter various cybersecurity risks from “insiders”—personnel within the company—and external persons. As a response, many law firms have adopted cybersecurity obligations to protect its clients’ data and the firm’s integrity and reputation. Main Cybersecurity Risks Facing Law Firms Law firms naturally handle sensitive client data and confidential company information. The lack of strong internal controls and compliance programs leaves law firms open to cyber-attacks. These attacks can be committed by insiders within the firm as well as external actors. Some examples of cybersecurity risks for law firms include the following: