May 22, 2018 Articles

Cybersecurity and the Lawyer’s Standard of Care

Legal malpractice claims stemming from a data breach or other cybersecurity event are on the rise and—now more than ever—law firms must be aware of the theories behind the claims and how to avoid them

by Joseph Salvo and Brian Middlebrook

Attacks on the Rise
Law firms are the guardians of a wealth of confidential and valuable information, rendering them an ever-growing target of cyber attacks. Back in 2012, the Wall Street Journal reported that "cyberattacks against law firms are on the rise, and that means attorneys who want to protect their clients’ secrets are having to reboot their skills to the digital age." Jennifer Smith, "Client Secrets at Risk as Hackers Target Law Firms," Wall St. J. Law Blog, June 25, 2012. In May 2014, New York Ethics Opinion 1019 warned attorneys about this threat, stating that "lawyers can no longer assume that their document systems are of no interest to cyber-crooks."

The passage of time not only has proven this to be true, it has burdened law firms of all sizes with the undeniable obligation to be cognizant of the risks posed by these breaches and to take affirmative steps to plan for and prevent breaches from occurring. The multitude of different attacks—business email compromise, denial-of-service, phishing, data exfiltration, ransomeware, and monitoring for insider trading opportunities, among others—has grown steadily over the past five years. As a result, the plaintiffs’ bar argues that a breach of a law firm’s information technology (IT) system is a breach of the firm’s professional responsibilities.

Premium Content For:
  • Litigation Section
Join - Now