Report

Privilege Under Attack: Defending Your Law Firm Against Modern Cyber Threats

2026 Legal Services Threat Intelligence Report

The average cost of a data breach for law firms reached $5.08 million in 2024, more than a 10% year-over-year increase, and in 2025, incident responses involving law firms nearly doubled compared to the prior year, according to Baker & Hostetler's annual Data Security Incident Response Report.

Law firms hold confidential data spanning every industry they serve, such as M&A intelligence, privileged communications, litigation strategies, and personal health information, making a breach at a law firm qualitatively different from almost any other sector. And threat actors know it.

Over the past 12 months, eSentire's Threat Response Unit (TRU) recorded a 20% year-over-year increase in incidents targeting the legal sector, with 56.3% of all threats focused on credential theft and identity compromise.

In our new Legal Services Threat Intelligence Report, eSentire's TRU shares a detailed analysis of threat data from security investigations across our global customer base throughout 2025. Key findings include:

  • The legal sector recorded an 86% overall intrusion ratio in 2025, among the highest of any industry globally.
  • Credential theft and identity compromise accounted for 56.3% of all threats to the legal sector, making legal professionals the primary attack surface.
  • Microsoft Teams abuse accounted for 6.25% of initial access in the legal sector as attackers continue to weaponize collaboration platforms through IT helpdesk impersonation and email bombing campaigns.

Download the full report to get a comprehensive understanding of the current threat landscape targeting law firms and legal services organizations, including the most prevalent attack vectors and malware families observed in 2025, and actionable recommendations for protecting privileged client data to stay ahead of the threats targeting the legal sector.

Download Now

The average cost of a data breach for law firms reached $5.08 million in 2024, more than a 10% year-over-year increase, and in 2025, incident responses involving law firms nearly doubled compared to the prior year, according to Baker & Hostetler's annual Data Security Incident Response Report.

Law firms hold confidential data spanning every industry they serve, such as M&A intelligence, privileged communications, litigation strategies, and personal health information, making a breach at a law firm qualitatively different from almost any other sector. And threat actors know it.

Over the past 12 months, eSentire's Threat Response Unit (TRU) recorded a 20% year-over-year increase in incidents targeting the legal sector, with 56.3% of all threats focused on credential theft and identity compromise.

In our new Legal Services Threat Intelligence Report, eSentire's TRU shares a detailed analysis of threat data from security investigations across our global customer base throughout 2025. Key findings include:

  • The legal sector recorded an 86% overall intrusion ratio in 2025, among the highest of any industry globally.
  • Credential theft and identity compromise accounted for 56.3% of all threats to the legal sector, making legal professionals the primary attack surface.
  • Microsoft Teams abuse accounted for 6.25% of initial access in the legal sector as attackers continue to weaponize collaboration platforms through IT helpdesk impersonation and email bombing campaigns.

Download the full report to get a comprehensive understanding of the current threat landscape targeting law firms and legal services organizations, including the most prevalent attack vectors and malware families observed in 2025, and actionable recommendations for protecting privileged client data to stay ahead of the threats targeting the legal sector.

Get The Report