External assessments and tabletop exercises are now tied with client requirements in the legal industry as the top drivers of security investment, both at 53%

50% of law firms cited phishing as the top cybersecurity concern, a new category this year, surpassing ransomware and user behavior.

Just 27% of law firms rank backups as a top-three security control.

Only 18% of law firms apply Multi-Factor Authentication (MFA) to production storage.

Only 38% of law firms consider themselves "very secure," which is down from 50% in 2023.

37% of law firms apply MFA to backup storage.

The percentage of law firms that acknowledge known security gaps increased from 14% to 23%.

Half of law firms have at least one backup system capable of immutability.