Schwartz & Ponterio, PLLC holds lawyers responsible for legal malpractice.

Can poor cybersecurity be legal malpractice?

On Behalf of | Jul 3, 2024 | Legal Malpractice

These days, it’s hard to avoid the realities of cybersecurity attacks and internet data thieves – because they’re everywhere. Cybersecurity has become a necessary consideration for any business operation, including law firms.

Lawyers handle vast amounts of sensitive information and client funds, making them prime targets for cyberattacks. When poor cybersecurity practices damage a client’s interests, that can be a form of legal malpractice. 

Understanding the link between cybersecurity and legal malpractice

Legal malpractice occurs when an attorney fails to perform their legal duty to an acceptable standard of care and their client is harmed as a result.

In the context of cybersecurity, this can look like:

  1. Breaches of confidentiality: Attorneys have both legal and ethical obligations to maintain client confidentiality. If they have inadequate or antiquated security measures on their computer systems that allow some third party to easily gain access to a client’s sensitive information, that can be grounds for a malpractice suit. 
  2. Data loss and inaccessibility: Hackers don’t just steal information — they sometimes hold it hostage either in exchange for ransoms or just to disrupt certain proceedings. If, for example, a ransomware attack locks an attorney out of critical files or destroys them, disrupting legal proceedings, that could potentially be considered negligence.

In general, the American Bar Association (ABA) Model Rules of Professional Conduct require attorneys to take “reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to” a client’s sensitive and private information. Any failure to do so – electronic or otherwise – can be seen as negligence. 

If you’ve been harmed as a result of your attorney’s poor cyber practices, find out more about what steps to take next.