A Record-Breaking Year for Law Firm Attacks
2023 marked a grim milestone: 45 ransomware attacks on law firms—the highest number ever recorded. These attacks compromised over 1.6 million records, with ransom demands averaging $2.47 million.
The legal sector has become a prime target for cybercriminals, and the trend shows no signs of slowing.
Why Law Firms Are Prime Targets
Law firms hold some of the most valuable data imaginable:
- Client confidences protected by attorney-client privilege
- Merger and acquisition details worth millions in insider trading
- Litigation strategies opponents would pay to see
- Personal information of high-net-worth individuals
- Corporate secrets shared during legal proceedings
Cybercriminals know that law firms will pay to protect this data—both from encryption and from public exposure.
The Financial Impact
| Metric | Value | Source |
|---|---|---|
| Average breach cost | $5.08M | Embroker 2024 |
| Average ransom demand | $2.47M | Comparitech |
| Firms with incident response plans | 34% | ABA 2023 |
| Firms that lost client data | 56% | ABA Survey |
| Orrick settlement | $8M | Court filings |
The average cost of a law firm data breach reached $5.08 million in 2024—a 10%+ increase from the previous year. And that's just the direct costs.
Case Study: Orrick, Herrington & Sutcliffe
In November 2024, Orrick agreed to pay $8 million to settle class acti...