After surveying 500 legal professionals across the US, Proton found that 66.4% of them are concerned about cyberattacks — and they’re right to be.
From privileged case information to confidential client communications, law firms are a treasure chest for malicious actors seeking to exploit sensitive information. And, as digital threats become increasingly sophisticated (AI, for example, is transforming the methods attackers use), legal professionals are under increasing pressure to find ways to protect themselves and their clients’ data.
In this article, we outline why law firms are a prime target for cyberattacks before providing actionable steps for prevention.
Why are law firms prime cyberattack targets?
Legal teams have transitioned from physical to digital information solutions — relying heavily on email or cloud-based storage to manage their workflow and collaborate with dispersed teams, partners, and clients.
There are undoubtedly significant benefits to this change — from real-time collaboration to seamless remote work. But internet-based solutions also expose firms to risks, leaving them vulnerable to data theft, extortion, and espionage.
Roughly 20% of the law firms we surveyed experienced a cyberattack in the past year. Of these, 39% reported losing data or having it exposed. The American Bar Association performed a similar survey in 2024, finding that 42% of law firms with 100 or more employees experienced a data breach. This suggests that the larger a law firm gets, the bigger a target it becomes.
The cost of falling victim to a cyberattack is high — ranging from ransoms (in 2024, ransomware attackers received approximately $813.55 million in payments from victims) to the exposure of confidential information, regulatory fines, and lasting damage to client trust. For law firms, the stakes are even higher due to the pressure of court deadlines and the need to protect active cases. This urgency often leads firms to pay ransoms quickly in order to regain access to critical files or systems, making them appealing targets for opportunistic attackers.
How can law firms prevent cyberattacks?
Secure cloud storage

82% of surveyed legal professionals agree that the greatest risk from a cyberattack is the theft of confidential client or company information. However, the most popular cloud storage solutions used by the law firms we surveyed were OneDrive (37.60%), Google Drive (28.80%), iCloud (27.60%), and Dropbox (20.40%) — all of which require additional configurations to provide advanced protection from data theft and leaks.
While popular, these solutions use a type of encryption that leaves data on their servers at risk of unauthorized access if there is a breach. If you use their default settings, these services can access your files, allowing them to share your data with third parties and creating potential points of entry for attackers. One New York law firm was compromised when attackers exploited this type of vulnerability in its Microsoft email server.
By opting for an end-to-end encrypted storage solution like Proton Drive, law firms can retain control of who can see their files, folders, and documents without sacrificing the convenience of mainstream solutions. With Proton, even in the unlikely event of a breach, law firms’ data remains securely encrypted and protected from unauthorized access.
Multi-factor authentication
Phishing emails, historical breaches, malicious browser extensions, and unintentional sharing are all ways for individuals to mistakenly expose the passwords that unlock access to a firm’s most sensitive information. Implementing multi-factor authentication (MFA) methods like two-factor authentication (2FA) and requiring complex, regularly updated passwords significantly reduces the risk of unauthorized access, even if passwords are compromised.
With Proton Drive’s two-factor authentication, for example, you must provide your password and verify your identity through a second method — like a code sent to your phone or a biometric scan. This extra layer means that even if someone gets hold of your password, they still can’t log in without that second piece of verification.
Advanced file-sharing controls

By restricting who can view, edit, or manage specific files or folders, firms can reduce the risk of accidental data leaks or intentional misuse. With Proton Drive, legal professionals can share case files with internal stakeholders or outside counsel while maintaining complete control and showing clients that they take security and confidentiality seriously.
At an organizational level, Proton Drive lets administrators decide whether individual team members — whether they’re legal assistants or senior partners — can edit or view certain files from a central control panel. Such segmentation is particularly valuable in high-stakes litigation or corporate matters where information must be compartmentalized for security and compliance.
When it comes to sharing individual files or folders, you can use Proton Drive to send files with email invitations or secure links and assign access permissions, create passwords, set expiration dates, or revoke access whenever necessary.
Employee security training
Our survey showed that less than 35% of legal professionals are familiar with the legal obligations for handling cyberattacks, despite 70% identifying employee education as a method of risk reduction for cyberattacks — suggesting a gap in training regarding regulatory compliance.
It takes only one uninformed employee to open the doors to bad actors and worse consequences. Whether it involves opening phishing emails or mishandling data, a weak link in the team can lead to anything from ethical violations to malpractice claims, which is why security education is key. One way to keep security at the top of employees’ minds is by routinely sharing practical information like ransomware explainers or secure sharing guides.
Mobile device management
As attorneys increasingly work remotely or access files from courtrooms and client sites, unsecured mobile devices pose a major risk. However, we found that 28.60% do not employ mobile device management for company-issued devices, potentially leaving a gap in mobile security.
With Proton Drive, law firms can manage and revoke employee access to sensitive information from a single dashboard — ensuring that lost or stolen devices don’t become gateways to confidential client data.
The first step toward law firm data security
Among the legal professionals we surveyed, 42% expressed uncertainty about their ability to recover from a cyberattack, indicating a concerning lack of confidence in post-incident resilience. This uncertainty may be linked to broader gaps in preparedness — 45% of respondents are either unclear or unsure about the necessary response steps, suggesting that nearly half may not have well-defined or effectively communicated cyberattack response plans.
By opting for digital solutions built with privacy and security at their core, law firms can better safeguard client data, ensure compliance with industry regulations, and reduce the risk of operational disruptions caused by cyberthreats.
By switching to Proton Drive end-to-end encrypted cloud storage, law firms can take the first step toward building a secure digital foundation — gaining control over their data and enabling safe collaboration both in and out of the office.