TLDR: Legal cybersecurity experts are increasingly concerned about the rapid acceleration of AI-powered cyber threats, including automated phishing and deepfakes. A recent report indicates 16% of cyber incidents involve AI, while ransomware attacks in the legal sector surged by 71% in the first half of 2025. Despite increased AI adoption by law firms for productivity, the lack of specific cybersecurity compliance obligations leaves them vulnerable, prompting a rise in planned security spending.
Cybersecurity professionals within the legal sector are facing an unprecedented surge in AI-powered threats, with generative artificial intelligence (GenAI) significantly enhancing the capabilities of malicious actors. According to a recent IT Brew report, legal IT experts are observing a marked increase in AI-driven fraud, necessitating a re-evaluation of existing security strategies.
Casey Geimer, an administrator for case-management software SmartAdvocate at Chicago-based McCready Law, highlights the critical nature of protecting vast amounts of sensitive digital case files, including hospital records and client communications. Geimer notes that modern hackers often infect systems subtly, waiting for files to be transmitted to law firms or larger institutions before acting. Generative AI, in Geimer’s view, acts as an ‘accelerator for attackers,’ granting them ‘bigger bandwidth to hit more targets at a time.’
Data from IBM’s latest Cost of a Data Breach report underscores this concern, revealing that 16% of the cyber incidents studied involved attackers leveraging AI through sophisticated tactics such as automated phishing and deepfakes. This technological advancement allows adversaries to craft highly convincing and widespread attacks.
Compounding the challenge, the legal sector has experienced a dramatic increase in ransomware incidents. Comparitech data shows a 71% rise in global legal-sector ransomware attacks, jumping from 90 incidents in the first half of 2024 to 154 in the first half of 2025. The FBI has also issued warnings about groups like the Silent Ransom Group, active since 2022, specifically targeting law firms with IT-themed social engineering calls and callback phishing emails to steal sensitive data for extortion.
Law firms, which handle highly confidential information, are particularly attractive targets. However, unlike heavily regulated industries such as finance and healthcare, the legal sector often lacks specific cybersecurity compliance obligations. Geimer points out that this regulatory gap leads hackers to believe that law firms may not be implementing adequate precautions, so they are perceived as easier prey.
In response to these escalating threats, law firms are beginning to bolster their defenses. The Tabush Group’s 2025 Survey on Law Firm Technology, which polled over 140 US-based law firm leaders, found that 44% plan to increase their cybersecurity spending. This marks an improvement from 2024, when 39% of respondents intended to increase security investments, focusing on areas like endpoint security for various devices.
Interestingly, while battling AI-powered threats, law firms are also rapidly adopting AI for their own operations. The same Tabush Group study revealed that 80% of law firms are currently utilizing AI, a significant leap from 47% in 2024. These applications primarily include research, proofreading, and drafting legal documents, showcasing the dual nature of AI as both a powerful tool and a formidable threat in the legal landscape.


