The American Bar Association (ABA) recently highlighted the many ways that artificial intelligence (AI) can benefit law firms. From streamlining processes to automating tasks, AI is transforming the legal industry at a rapid pace. Currently, there are estimates suggesting that AI could automate up to 44% of legal work, which is helping drive this change. However, this increased reliance on AI comes with significant risks, including a sharp rise in cyberattacks targeting law firms—particularly Big Law firms, increasingly costing them millions in class action suits. While AI is often talked about, firms’ use of third-party technology providers also plays a significant role in these cyberattacks.
In the first five months of 2024, 21 law firms have already filed data breach reports with the attorney general’s office. In comparison, only 28 such reports were filed throughout all of 2023. As AI becomes more integrated into Big Law firms—slowly but steadily—its dual use is emerging. While AI tools are improving efficiency and reducing costs, they are also being leveraged by cybercriminals to carry out more sophisticated attacks. This trend will likely accelerate in the coming years, with both the number and scope of cyberattacks on law firms expected to rise.
Big Law firms are especially vulnerable to cyber threats due to the sensitive nature of the data they handle. These firms often possess highly confidential information, including patents, intellectual property, and personal or corporate secrets related to major companies and high-profile deals. Even industry giants like Kirkland & Ellis, Proskauer Rose, and Allen & Overy have been targeted by data breaches and ransomware attacks, highlighting that no firm is immune from these attacks. Surveys on cybersecurity breaches show that around 50 percent of firms surveyed either experience security breaches or not knowing whether they have. There is a clear correlation between firm size and “not knowing” of breaches with smaller firms with 2–9 employees reporting rates of around 5%, while larger firms with 500 or more employees experience breach rates of up to 60%. The survey also indicated a significant increase in client requests for security requirements and guidelines of larger firms.
The rise of remote work has further exacerbated cybersecurity risks for law firms. With many legal professionals now working from home, often on unsecured networks, the potential for cyber incidents has significantly increased. Public Wi-Fi networks, which are frequently used by remote workers, are particularly vulnerable to hacking and pose a serious concern for law firms trying to protect client data. Remote work also makes it more difficult to enforce cybersecurity policies and monitor compliance. Without a controlled office environment, employees may not follow best practices for securing their devices or data, making firms more susceptible to attacks. Two of the most common attacks on firms consist of: (1) phishing (malicious emails or messages designed to trick employees into providing sensitive information or granting access to secure systems) and (2) ransomware (a type of malware that encrypts a firm’s data, with cybercriminals demanding a ransom for its release). There are also other forms of attacks, which include exploitation of vulnerabilities in third-party software used by firms.
Given the increasing reliance on AI and the growing risks posed by remote work, it is crucial for law firm leaders to prioritize cybersecurity. Implementing comprehensive security protocols, training employees to recognize phishing attempts, and investing in AI-driven cybersecurity solutions will be essential to mitigating these risks. Firms must also ensure that remote work policies account for secure network usage and compliance with cybersecurity standards.
As AI continues to reshape the legal industry, the threat landscape will only become more complex. Law firms—especially Big Law—must act now to protect their sensitive data, maintain client trust, and prevent the major class actions lawsuits that have been increasing due to these attacks.