Phishing Emerges as Top Cybersecurity Threat in Legal Industry, Report Reveals

The legal industry is currently navigating a pivotal shift in cybersecurity threats, with phishing attacks now identified as the foremost concern. This revelation comes from the Fenix24 and International Legal Technology Association (ILTA) collaborative report, titled "Security at Issue: 2025 State of Cybersecurity in Law Firms". The document sheds light on the transition from traditional threats, such as ransomware, to more sophisticated, human-operated attack methods.

John Anthony Smith, Founder & Chief Security Officer of Fenix24, pointed out the legal sector's challenges in adapting to these evolving threats. The report emphasizes the urgent need for law firms to bolster their recovery readiness, advocating for the implementation of immutable backups and rigorously tested incident response strategies.

Despite a heightened awareness of cybersecurity risks, the report uncovers alarming trends. A scant 50% of law firms possess at least one backup system with immutability capabilities, and only 27% regard backups as a critical security control. The adoption of Multi-Factor Authentication (MFA) is similarly lackluster, with minimal application to production and backup storage systems.

Confidence in existing security measures is waning, as evidenced by only 38% of firms deeming themselves "very secure," a significant drop from 50% in 2023. This decline coincides with an increased recognition of known security vulnerabilities. Nonetheless, external assessments and tabletop exercises are gaining traction as pivotal motivators for security investments, matching client requirements at 53%.

Corey Simpson, Chief Operating Officer at ILTA, stressed the imperative for the legal industry to transcend mere compliance. The report underscores the necessity for firms to invest in rapid operational restoration capabilities, the protection of sensitive data under duress, and the preservation of client trust. It stands as a clarion call for the legal sector to fortify its cybersecurity defenses against the backdrop of increasingly sophisticated threats.