While lawyers must make reasonable efforts to guard against exposure of client information due to cyber security breaches, most tech experts agree that there is no way to completely keep ahead of cyber criminals, and that, eventually, every firm will be hacked at some point. Consequently, no cybersecurity framework is complete without some sort of breach response plan. A handy way to build such a plan is to create procedures to address each of five categories of response: Identify, Protect, Detect, Respond, and Recover.


  • Identify one person in the firm who is designated to take the lead on any cyber security breach response, so that all information will be collected and handled centrally.
  • Install virus detection software on all of your systems and devices and regularly check for alerts. Consider subscribing to security services provided by your ISP or web host supplier.
  • Set up a process to notify all system users in the event of a breach. Remember that these notifications might need to be made outside of normal business hours.


  • Create procedures that can isolate compromised devices or your network from further infiltration. This may include removing devices from network connections or physically securing mobile devices, free-standing backup drives, or other storage devices. Note, though, that most experts advise against shutting down systems completely as a defense lest you compromise forensic investigation later regarding the source and extent of the attack.
  • Contact a security consultant for guidance about how to proceed to protect data.
  • Change passwords for all systems and devices on which you need to continue to work.


  • Investigate to determine the extent of the breach, including what data may have been compromised. This may require consultation with a technology expert.


  • Notify your professional liability insurance carrier of the breach as soon as possible. Your policy may provide coverage for hiring an attorney or outside technology consultant to help you minimize potential damage and to comply with legal requirements.
  • Review and comply with required actions under applicable state or federal data breach laws. Almost every state has laws establishing required notification procedures in the event of data breaches. Remember that, depending upon your clients and the type of data involved, you may be covered by more than one states’ laws and rules.
  • Determine what, if any, disclosure needs to be made, to whom, and in what timeframe. Not all breaches will trigger disclosure requirements under data breach laws, but lawyers need to consider ethical obligations as well regarding keeping the client informed of any significant developments affecting their representation of them. It’s best to get guidance from outside legal counsel or your insurance provider.


  • With the help of your tech advisors, recover what data you can, not only the data that was breached but data about the hack itself, so that cyber security can be improved moving forward.