Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Data Breaches Surge for Smaller Law Firms

June 23, 2022

A Bressler Risk Blog post on June 20 noted that Eileen Garczynski at Ames & Gough had flagged this Law360 Pulse story the other day: “Amid BigLaw Data Attacks, Breaches Surge For Smaller Firms.”

“In mid-January, a cyberattack targeting New York law firm Cleary Gottlieb Steen & Hamilton LLP exposed the firm’s email servers to unauthorized actors, potentially breaching the personal information of about 40 of the city’s residents, it told New York officials.”

“Cleary, however, was just one of the hundreds of law firms — from BigLaw firms to solo offices — that have reported data incidents in the past year and a half as they become increasingly targeted by cybercriminals, according to public records and cybersecurity experts.”

“Based on extensive public record requests, Law360 Pulse identified about 90 law firms that reported data breaches to authorities across 17 states in 2021, almost doubling the number from 2020, which also tracked the same states except for Illinois. The number also continues to rise this year, with at least 27 law firms already reporting data incidents in the first four months.”

“And while the number of data breaches reported by large law firms has remained steady at about a handful, such incidents reported by midsize and small law firms have increased significantly since 2020.”

“Similar to the breaches recorded in 2020, nearly all the recently hit firms that have notified state authorities identified external breaches — including phishing, hacking and malware attacks — as the most commonly identified cause of data exposure.”

“Meanwhile, less than 10% of firms reported that they experienced data breaches through other factors, such as a third-party data breach, stolen or lost devices, or insider wrongdoing.”

“The breakdown in percentages reflects that smaller, midsize firms often ‘don’t have the staff, resources and expertise’ of larger law firms and are therefore compromised far more often, said Frank Gillman, a former BigLaw chief information officer who now works at consulting firm Vertex Advisors. While smaller firms also spend money on security defense systems, Gillman said many lack the expertise to identify the risk and react before it becomes a bigger issue.”

Certainly, I agree with Gillman. Cybersecurity is tough on the budgets of small and midsize firms, who often have trouble finding dependable, highly certified experts who are also budget conscious. Just finding reliable experts who can explain cybersecurity defenses and strategies in plain English is a challenge.

Sharon D. Nelson, Esq., President
Sensei Enterprises, Inc.
3975 University Drive, Suite 225
Fairfax, VA 22030
Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology