Yes, “they are definitely perceived as soft targets,” Bloomberg BNA Privacy & Data Security News Managing Editor Don Aplin posited at a recent Mimesis Law Cy-pher roundtable discussion of privacy thought leaders.

Kevin Chalker, founder and CEO of GRA Quantum, agreed. “Law firms are absolutely soft targets,” he said, noting that just like other businesses, law firms often don’t discover intrusions into their systems until long after they began. 

Lisa Sotto, Partner at Hunton & Williams LLP, said that law firms are beginning to adopt stronger cybersecurity safeguards. They have realized “it’s not just about personal information anymore. It’s about financial data, it’s about M&A information, it’s about R&D” and law firms are a “treasure trove” of that information, she said. 

Chalker said that protecting trade secret information is of critical importance. Even if a law firm is trying to build a more robust security structure, it is unlikely they are spending similar amounts to what large businesses they serve, such as Pharma companies, are spending to protect secrets, he said.

Mark Seifert, a partner at the Brunswick Group, pointed out that data breaches have reputational harm implications for any company. But for law firms--and on a personal level between individual lawyers and particular clients--reputation is everything, so a breach hits at the very heart of the trust relationship.

Aplin said that law firms have a reason to be worried about that loss of trust. Class action plaintiff’s firms are already moving to represent clients of firms that have faced data breaches, he said.

To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.