Fenix24 and the International Legal Technology Association (ILTA) have released their new joint report, Security at Issue: 2025 State of Cybersecurity in Law Firms, providing an in-depth look at the cybersecurity challenges, vulnerabilities, and practices impacting legal organizations around the globe.
The legal sector has entered a new era of threat exposure that is defined not just by digital vulnerabilities, but by the rising cost of operational failure. Law firms are being targeted by skilled, persistent threat actors who bypass basic defenses, extract sensitive client data, and use it for extortion. Notably, Fenix24 and ILTA’s report found that phishing, which was introduced as a new category this year, took the top spot. It was cited by 50% of respondents, surpassing longstanding concerns like ransomware and user behavior and signaling a shift toward more sophisticated, human-operated attack methods.
“At Fenix24, we’re seeing a move from malware-based attacks to highly targeted, human-operated campaigns, and the industry’s defenses commonly haven’t kept up,” said John Anthony Smith, Founder & Chief Security Officer of Fenix24. “This year’s cybersecurity benchmarking report shows a pivotal shift in how law firms perceive and experience cyber risk, with too many firms being unprepared for the recovery phase, lacking immutable backups and tested incident response plans to restore operations after an attack.”
The report, based on 2024 survey results, also highlights several alarming trends that continue to leave law firms vulnerable to disruption and data loss, even as awareness grows. Additional key findings include:
- Immutable backups remain underutilized. Half of firms have at least one backup system capable of immutability, yet just 27% rank backups as a top-three security control.
- MFA (Multi-Factor Authentication) coverage is inconsistent across high-value systems. Despite MFA being a key defense against ransomware, only 18% of firms apply MFA to production storage and 37% apply it to backup storage.
- Security confidence is declining. Only 38% of firms consider themselves “very secure,” down from 50% in 2023. Yet, the percentage of firms that acknowledge known security gaps increased from 14% to 23%.
- External assessments and tabletop exercises are driving change. These internal evaluations are now tied with client requirements as the top drivers of security investment (53%), reflecting growing pressure to identify and act on vulnerabilities proactively.
- Persistent access and lateral movement remain major weaknesses. Many firms continue to allow unapproved remote access tools and weak segmentation, giving attackers prolonged control and the ability to escalate an incident across systems.
“As threat actors shift to more targeted and human-led attacks, the legal industry must move beyond just compliance,” said Corey Simpson, Chief Operating Officer at ILTA. “Our report with Fenix24 emphasizes that recovery readiness is no longer optional and firms must invest in the ability to restore operations quickly, protect sensitive data under pressure, and maintain client trust.”
To read the full Security at Issue: 2025 State of Cybersecurity in Law Firms report, visit the website here.