In a recent internal report, Citigroup's cyberintelligence center warned employees that law firms are targets of attacks by foreign governments and hackers because they house valuable data concerning their clients' transactions and strategies.
According to the NY Times, the Citigroup report alerted employees that cybersecurity at law firms remains weak as compared to other industries and that law firms are at high risk of cyber-attacks. Citigroup also stated that because most law firms refuse to disclose whether they have been the victims of cyber-attacks, "it is not possible to determine whether cyberattacks against law firms are on the rise.”
Past reports on this subject support Citigroup's concern that law firms are at risk. In 2010, it was reported that information security firm Mandiant had worked with over 50 law firms after they suffered security breaches. In 2012, Mandiant estimated that 80 major law firms were hacked in 2011 alone. Mandiant is now reportedly advising "a half-dozen unidentified law firms" that have been the victims of a data breach or other cyber-attack.