BlueVoyant Launches Its Sector 17-State of Cybersecurity in the Legal Sector Report

May 26, 2020

New York City, N.Y., May 27, 2020 – BlueVoyant, a global expert-driven cybersecurity services company, has today launched its ‘Sector 17 - The State of Cybersecurity in the Legal Sector’ report. It reveals that despite excellent standards of cybersecurity, 15% of a global sample of law firms showed signs of compromised networks. These compromises result from an overwhelming attack rate on law firms globally: 100% of law firms analyzed were targeted in attacks by threat actors.

The detailed analysis of cybersecurity in the legal sector undertaken by BlueVoyant analyzed thousands of law firms worldwide between January and March 2020. These results were compared with companies in the 16 sectors defined as critical to securing national infrastructure, resources, and resiliency by the Department of Homeland Security. BlueVoyant contends that the legal sector should be designated as ‘sector 17’ due to the high-value data law firms contain and their role as arbiters and safekeepers of public trust.

The study revealed that 100% of law firms have been subject to targeted threat activity – not surprising given the sector’s estimated worth of nearly $1 trillion and its handling of sensitive information, which make it a prime target for financially-motivated attacks. This month alone, 193 law firms were exposed in a massive data breach due to an insecure database, and the NY law firm GSMLaw was victimized by a ransomware group that is now threatening to release sensitive information about the firm’s roster of celebrity clients, including President Trump.

The investigation revealed the most common attack methods across the sector’s threat landscape. These included criminal pursuit of sensitive financial information and PII, extortion (non-ransomware), ransomware, third-party risks, password breaches and insider leaks, and hacktivism. It also analyzed how the attack surface for illicit actors to share and use information sourced from cyber-attacks has expanded through the Dark Web, providing examples of how this information can be used to conduct ransomware attacks and subsequent breaches.

Jim Rosenthal, CEO, BlueVoyant commented: “The stakes could not be higher. While the legal sector is performing well in comparison to the other 16 sectors, attacks against law firms constitute some of the most sensational and damaging cyberattacks in history. We have already seen how recent incidents can cause substantial geopolitical fallout, not to mention tremendous direct and indirect financial repercussions for law firms.”

Furthermore, detailed analysis into 20 law firms, including an examination of defense metrics, inbound threat targeting and evidence of compromise, revealed that 15% of these firms were likely to have been compromised based upon strong evidence of suspicious traffic – and many more (almost half) showed signs of suspicious activity, including malicious proxy use.

Rosenthal added: “Threat actors are aggressively targeting law firms, and they are doing so daily. Threats against law firms are high volume, multi-faceted, and organized; threat actors use multiple sophisticated tools and techniques; and, notwithstanding industry-leading efforts, law firms have been successfully compromised.”

BlueVoyant recommends that law firms benchmark existing cybersecurity best practice against its recommended ten steps to mitigate future attacks. Further strengthening the sector’s defense against potential compromises is more crucial than ever, due to how the obtained information can be subsequently utilized.

Rosenthal concludes: “These findings are designed to support and empower law firms globally. By recognizing the legal sector as critical to national and international defense and infrastructure, BlueVoyant aims to put a spotlight on measuring and improving cybersecurity across the industry.”

About the Report

To source these findings, BlueVoyant analyzed proprietary and third-party feeds to identify traffic between law firm domains and blacklisted IP ranges, and engaged in deep and dark web surveillance, seeking evidence of malicious probing or scanning from potential malicious actors. It also identified any interactions between law firms and known malicious infrastructure.

Using these different sources of information, BlueVoyant detected multiple variations of potentially malicious inbound traffic over a one-month observation period, including:

  • Blacklisted IPs and domains reaching out to law firm assets
  • Large volumes of sessions targeting vulnerable webpages, observed in known malicious infrastructure
  • Evidence of attempted brute force attacks.

Sector 17 Webinar

On June 16th at 2.00 pm EDT, BlueVoyant will host a webinar to review the findings of its global legal sector analysis and provide helpful insight to law firms. Topics covered will include:

  • The legal industry threat landscape
  • Dark Web activity relative to the industry
  • Comprehensive cybersecurity review of the industry

The webinar will be chaired by Milan Patel, Global Co-Head of Managed Security Services, and Tom Lind, Co-Head of Strategic Intelligence.

About BlueVoyant

BlueVoyant is an expert-driven cybersecurity services company whose mission is to proactively defend organizations of all sizes against today's constant, sophisticated attackers and advanced threats.

Led by CEO Jim Rosenthal, BlueVoyant’s highly skilled team includes former government cyber officials with extensive frontline experience in responding to advanced cyber threats on behalf of the National Security Agency, Federal Bureau of Investigation, Unit 8200 and GCHQ, together with private sector experts. BlueVoyant services utilize large real-time datasets with industry-leading analytics and technologies.

Founded in 2017 by Fortune 500 executives and former Government cyber officials and headquartered in New York City, BlueVoyant has offices in Maryland, Tel Aviv, San Francisco, London and Latin America.

PR Contacts

Danielle Ostrovsky (US)

C8 Consulting for BlueVoyant

[email protected]



Jim Pople (UK)

C8 Consulting for BlueVoyant

[email protected]

+44 (0)7955 030191
