While quick to trumpet their tech capabilities, law firms are coy when it comes to cyber security policies. Making a defence strategy public could play into the hands of hackers, of course. But considering how devastating an attack might be for a law firm and its clients, one would expect at least some publicity of their initiatives on that front.
The issue gained notoriety last summer after a malware attack on a third party compromised DLA Piper’s systems and made the dangers to law firms as collateral damage a reality. Even according to the most conservative estimates, the disruption cost the firm $10m at the very least. But it could have been a lot worse if the attack had led to the disclosure of confidential client information, as with the email hack on Panamanian firm Mossack Fonseca & Co (the so-called Panama Papers) and the breach of offshore firm Appleby’s data in 2016 (Paradise Papers).