Phishing Emerges as Leading Threat to Law Firms
In an increasingly digital landscape, the legal industry finds itself grappling with a rise in cyber threats, particularly phishing attacks. According to a recent report by Fenix24 and the International Legal Technology Association (ILTA), published on August 5, 2025, only half of law firms are equipped with robust backup systems critical for recovery from cyber incidents.
The report, titled "Security at Issue 2025: State of Cybersecurity in Law Firms," reveals troubling statistics that highlight a shift in the nature of cyber threats targeting law firms. For the first time, phishing has been identified as the top risk, cited by 50% of law firms surveyed, eclipsing longstanding concerns like ransomware and user behavior. This shift underscores a move towards more sophisticated, human-operated attacks, as cybercriminals become increasingly adept at bypassing traditional defenses to steal sensitive client data for extortion purposes.
As John Anthony Smith, the Founder and Chief Security Officer of Fenix24, explained, the attack landscape has evolved significantly. "We're witnessing a transition from malware-driven attacks to well-orchestrated human-led campaigns. Unfortunately, the defenses employed by many firms have not kept pace with these advancements," he noted. This insight reflects a broader trend of deteriorating cybersecurity preparedness within the legal sector.
The survey results further highlight several alarming trends. Although 50% of the firms reported having at least some form of immutable backup, only 27% considered their backup systems to be among their top-three security controls. This presents a significant oversight, as effective backup solutions can be crucial for restoring operations swiftly following an attack.
Another point of concern is the inconsistent application of Multi-Factor Authentication (MFA) across critical systems. Despite its proven efficacy in preventing ransomware attacks, only 18% of firms apply MFA to their production storage, with just 37% extending this protection to their backup systems. This inconsistency could expose many firms to avoidable risks.
The report also noted a decline in security confidence among law firms, with only 38% describing themselves as “very secure,” down from 50% the previous year. Furthermore, an alarming rise in the percentage of firms acknowledging known security gaps—up from 14% to 23%—suggests a growing awareness of vulnerabilities without corresponding improvements in security measures.
In terms of driving change within the industry, external assessments and tabletop exercises have emerged as essential tools. These evaluations are now on par with client requirements as the top factors influencing security investments. Both Fenix24 and ILTA emphasize that recognizing and acting upon vulnerabilities is becoming increasingly important as firms strive to bolster their defenses.
Persistent access and weak segmentation within firms' networks remain significant issues, allowing attackers to establish prolonged control and escalate incidents across multiple systems. Fenix24 and ILTA’s findings highlight that many firms still permit the use of unapproved remote access tools, which further compounds their vulnerabilities.
Corey Simpson, Chief Operating Officer at ILTA, stressed the repercussions of these evolving threats: "As threat actors shift towards more targeted and human-led attacks, the legal industry must evolve beyond mere compliance. Recovery readiness is no longer an option; firms must prioritize investments to restore operations effectively, safeguard sensitive information, and maintain trust with clients."
The situation emphasizes a clear need for law firms to reassess their cybersecurity measures and breach recovery strategies. While awareness of potential risks has improved, the obligation to implement effective, comprehensive backup systems, robust authentication processes, and ongoing security evaluations emerges as paramount. The legal sector must act swiftly to fortify its defenses against the increasing threat of cyberattacks.
For those interested in a deep dive into these findings, the complete report is available at Fenix24's website. Hanging in the balance, and of utmost importance, is not just the future of the firms themselves but the trust and security of their clients’ sensitive information.