Today the issue is not if a law firm will suffer a cyber intrusion, but when, and what type. Therefore, the critical question for any law firm is how well it will respond when the inevitable happens. A law firm’s response to a cyber security incident can be the difference between keeping and losing a client, and maintaining the reputation or perhaps even the stability of the firm. Clients are mandating that their law firms have safeguards in place to prevent a data breach. But technology is far from foolproof, and even the strongest technical, administrative, and physical safeguards are no guarantee that a law firm will not be breached.