Are you concerned about your firm's cybersecurity?

Are you worried about your team member's password use?

Are you concerned about your firm's cybersecurity?

Are you aware that password management is a critical aspect of effective cybersecurity, and that failing to implement strong password policies could leave your business vulnerable to cyber attacks?

2023 Cybersecurity Trends in the Legal Field

2023 Cybersecurity Trends in the Legal Field

Show me a lawyer who isn’t using technology to manage a big chunk of practice, and I’ll show you a lawyer who’s falling way behind the curve.

Today’s most successful practices rely on tech tools to help gather, organize, store, analyze, assemble, and share case-related data.

What’s cause for worry, however, is that these data include sensitive information about clients; everything from where they live to where they work, from Social Security numbers to bank account details, from names of family members, friends, and associates to names of schools attended and purchases made, plus much more.

Naturally, these client details are highly coveted by cybercriminals.

Cybercrooks employ many strategies and tactics to get their sticky electronic fingers on your data. Hacking into your computers is a common approach. Another involves tricking you into giving them access to your systems.

By whatever means cybercrime is committed, the inescapable fact is that you urgently need to pay attention to cybersecurity matters.

This urgency is due to the frightening growth of cybercrime. It’s getting worse, year after year. It’s also due to the responsibility placed on your shoulders by the American Bar Association (and ratified by the bar of most states), which holds that you have an ethical obligation to take all reasonable steps necessary to safeguard sensitive client data (see ABA Model Rules of Professional Responsibility 1.1, 1.4, 1.6, 5.1, 5.2, and 5.3).

As a result, many lawyers, law firms, and legal departments have been scrambling to understand the latest cybersecurity trends to protect better the confidential information entrusted to them. In this post, I’ll briefly touch on four cybersecurity developments I believe merit your attention this year.

Data Security

According to the most recently issued ABA Cybersecurity Tech Report, 27 percent of law firms were hit by a security breach of their computer files, systems, and/or networks in 2022.

Based on the direction things are headed, I think it’s a safe bet to say that the percentage of law firms reporting a security breach will go up, not down, when the ABA releases its 2023 survey numbers later this year.

If you’re among the lucky ones that have not yet been breached, trust me when I say that there’s a massive amount of panic and chaos that follows in its wake.

So what should you do to avoid becoming a breach statistic? I recommend you follow in the footsteps of other law practices and turn to cybersecurity technologies such as encryption and multifactor authentication protocols (at a bare minimum). You should also embrace cloud-based services to store your data, as this offers an added layer of protection from cyberattacks.

Cybersecurity Training

Did you know that 82 percent of data breaches are caused by human error?

In your firm, this would be fellow attorneys, members of your staff, or even yourself mindlessly rolling out the welcome mat to cyber crooks. Sad but true.

The story is this: you unsuspectingly receive an email from a sender pretending to be someone you know and trust that invites you to download a “special” file (which, unbeknown to you, contains a virus that puts the sender in control of your system until you agree to pay a ransom—that is if the malicious script doesn’t siphon or outright destroy your data). Alternatively, the email might urge you to visit a new website (one brimming with tainted scripts that infect your computer the same way the downloaded “special” files does).

This is known as a phishing attack, and you and your staff need to be adequately trained to identify and respond to it and other forms of cyber threats. As such, many firms now require their staff to take regular cybersecurity training courses. Indeed, the ABA cybersecurity survey I cited above found that 75 percent of all respondents reported having undergone cybersecurity training in 2022.

The most effective form of training is the one you receive at least once a month (rather than once a year, as is typical), and that is presented in a storytelling format (which makes a far more significant and longer-lasting impression than does training presented as bulleted PowerPoint slides).

AI and Machine Learning

Artificial intelligence and machine learning are quickly becoming popular tools for legal professionals. By leveraging these technologies, law firms can better identify and respond to potential threats promptly.

For example, AI-powered apps are available to filter all your incoming emails and weed out those that don’t pass the smell test. Coupled with machine-learning capabilities, these apps can be quite effective at stopping booby-trapped emails from ever reaching you.

Additionally, AI and machine learning can be used to automate tedious tasks, such as document review and analysis, which can free up your time and allow you to focus on more important matters.

Demand for Privacy Regulations Compliance

Privacy regulations are becoming increasingly important in the legal field, as clients are now more aware of their rights when it comes to data privacy. Such regulations are spelled out in laws such as the California Consumer Privacy Act (CCPA) and Europe’s General Data Protection Regulation (GDPR) rules.

So, don’t be surprised if prospective clients ask you to describe your cybersecurity policies and compliance methodology in detail. According to the ABA survey, 33 percent of respondents said that at least one potential or existing client during 2022 had asked to inspect the firm’s cybersecurity details—and the larger the firm, the more likely the request (57 percent of firms with more than 100 lawyers said they’d received such an inquiry).

Along with requests for cybersecurity policy and compliance documentation, some firms—27 percent, to be exact—also acknowledged to the ABA that clients want to see the results of a third-party security assessment before agreeing to retain counsel.


As the legal industry continues to advance, the need for robust cybersecurity protocols is becoming increasingly important.

By leveraging the latest security tools and technologies and educating staff members on the latest trends, law firms and legal departments can stay a step ahead of cybercriminals. This is vital because the name of the game is safeguarding clients’ data.

The good news is that even more cybersecurity advancements are coming this year. The best of them will be reflected in BobaGuard’s cybersecurity suite. Not yet a BobaGuard client? Schedule a call with one of our Cybersecurity Solutions Advisors and learn how we can help equip your team with world-class cybersecurity solutions.

Comments are closed.

Want to receive more
Stupid Simple Security Tips?
Sign up below.


The Security Checklist for Busy Lawyers

The Security Checklist for Busy Lawyers