Are you concerned about your firm's cybersecurity?

Are you worried about your team member's password use?

Are you concerned about your firm's cybersecurity?

Are you aware that password management is a critical aspect of effective cybersecurity, and that failing to implement strong password policies could leave your business vulnerable to cyber attacks?

Which Costs More: a Cyberattack or Cybersecurity? (Spoiler Alert: the Former, By Orders of Magnitude)

Pretend I am right now dangling before you a balance-beam scale, like the one Lady Justice holds in her upraised hand, minus the sword.

In the scale’s pan on your left, I’m stacking all the component costs you’re going to pay in the aftermath of a successful cyberattack targeting the sensitive client data stored on your computers and devices. There are quite a few of these costs—and I’ll list them for you a bit further down in this post.

For now, please direct your gaze to the pan on your right. In that one, I’m stacking all the costs of cyberattack prevention.


There is no stack in the pan on the right, just a single item. And that’s because there is only one component to that cost (or at least there is potentially only one component cost, and I’ll get into that too in a bit).

As a result, the pan on your left—the one containing the cost of a successful cyberattack—is heavy-laden and tilting hard toward the floor, while the pan containing the cost of cyberattack prevention is feather light and pointing toward heaven.

Normally, the pan tilting down is the one with the evidence that wins the argument. Not so in this illustration. It’s the pan tilting up that contains the most compellingly persuasive evidence.

A practice-ruining financial hit

Back during the Cold War of the 1980s, when tensions between America and the nuclear-armed Soviet Union were at their hottest, cynical wags used to joke that one hydrogen bomb could ruin your entire day.

Those same droll sorts now might jest that one data breach can ruin your entire day—and, they’d be right. However, like an H-bomb blast, a data breach will do far, far more than merely ruin your day. Potentially, it could mean the end of your world.

Indeed, for a small but growing number of lawyers, a data breach is a practice-killer. What happens is the financial and/or business consequences of the data breach force them to permanently close—not just because of the loss of vital information (client records, case work, filings, and the like) but also owing to the staggering costs involved in digging out from the destruction.

According to the most recent figures, the average data breach produces a $4.24 million loss. That’s for all types of businesses—large and small—everywhere on the planet. Closer to home, small companies (law firms included) with less than 50 on the payroll lose at present an average of $24,000 per cyberattack; $50,000 if they employ between 50 and 249 people.

In part, those monetary hits include outlays for mounting an IT response to assess the extent of the breach and prevent further loss of data. Also included in the grand totals would be the cost of hiring a public relations firm to handle crisis communications to the media and public.

Over and above that would be the amount expended for a lawyer to talk to and (as necessary) negotiate with the people whose data were lost in the breach (those victims may well seek damages). Counsel might also be needed to interact with state bar disciplinary committee members who hold the cyberattacked lawyer’s professional fate in their hands.

If any portion of those costs are reimbursable through insurance, guess what? The premiums are almost surely going to go up significantly after the dust settles.

Then there’s the reputational harm. Lawyers who fall prey to cybercriminals discover that their ability to attract income-generating new cases and retain fee-paying existing clients declines, sometimes quite precipitously.

Any or all of these sustained economic losses can increase if the targeted law firm is forced by circumstances to suspend or permanently halt day-to-day operations. No money comes in, but charges for rent, utilities, software subscriptions, and the like continue to accrue.

An ounce of prevention

OK, so let’s now take a closer look at that scale pan on the right, the pan that has only one cost item in it.

The sum related to that cost item is $80 per month per user, and it’s what you’ll pay for cyberattack prevention. Remember the old saying about an ounce of prevention being worth a pound of cure? Yeah, exactly, but in this situation, that preventive dollop is worth a couple of metric tons of remedy.

That $80 per month gets you the following —eight best-in-class security solutions:

  • Cybersecurity raining for you and your team
  • Training and periodic testing to make sure you’re on your toes at all times when it comes to phishing attacks
  • Phishing defenses that run in the background and automatically intercept threats
  • IT security policies created, kept up-to-date, and fine-tuned in accordance with your practice’s unique needs
  • Monitoring of the Dark Web to warn you of existing sets of credentials that could be used to access your firm’s systems
  • A team-based password vault to create unique and secure passwords and share them in a secure manner
  • Proactive monitoring, maintenance, and patching of your Macs and PCs, including antivirus and web protection
  • Cloud-to-Cloud SAAS Backup for Microsoft 365 or Google Workspace – backing ALL your data – emails, contacts, calendars, and files while also providing an easy-to-use eDiscovery tool.

Eighty bucks per user/month. That’s peanuts. But it provides a complete A-to-Z solution whether you’re a solo attorney or small to mid-size law firm.

For the record, there’s only one place you can get all that for $80 a month, and that’s from BobaGuard.

Going back to our scale illustration, study it and let the relative positions of the pans sink in. The lesson to draw is clear: the cost of a cyberattack is substantial (and in too many instances excessive), while the cost of preventing one is practically negligible.

Would you like to learn more about BobaGuard? Schedule a free strategy call with one of our BobaGuardians here.

Comments are closed.

Want to receive more
Stupid Simple Security Tips?
Sign up below.


The Security Checklist for Busy Lawyers

The Security Checklist for Busy Lawyers