Law Firms Are Experiencing Breaches. Their Clients Have No Idea

A landmark study reveals a stark disconnect between legal organizations and their client base regarding digital safety. While security incidents frequently impact legal practices behind closed doors, a vast majority of those affected remain completely unaware. This growing communication gap introduces severe operational risks, particularly as firm clients demand greater transparency and more sophisticated data protection measures. To survive, organizations must prioritize open dialogue, robust infrastructure investments, and responsible AI deployment.

By Jason Griffin, VP of Cybersecurity Services at Integris

Two out of every three law firms experienced a significant email-based security breach in the past twelve months. More than half (57%) experienced a mobile-related breach. Nearly all of those clients never heard a word about it.

That’s the central finding of the Integris 2026 Law Firm Trust in Technology Report, which surveyed 416 law firm decision-makers and 600 law firm clients across the United States. The data paints the portrait of an industry that’s silently absorbing serious security failures while clients, kept in the dark, are already making judgments about which firms deserve their business.

High-profile incidents at firms like Williams & Connolly, where an attorney’s email breach exposed sensitive communications, and Jones Day, where a phishing attack compromised client files, show how quickly a security failure crosses from an operational problem into a reputational one. These are large firms that prove that breaches can happen at even the most sophisticated organizations. The breach itself doesn’t damage trust as much as the silence that follows.

Clients Are Watching, and Their Expectations Have Risen

The report makes clear that law firm clients have fundamentally changed what they expect from their legal counsel on technology. Eighty-three percent say a firm’s technology sophistication affects their confidence. Fifty-eight percent say their expectations are higher than they were just two years ago.

Clients are drawing conclusions about a firm’s overall competence and care from the quality of its digital experience. When a client struggles to access documents through a secure portal, receives slow responses, or notices friction in how billing is handled, it sends a message that the firm may not be operating at the level the client expects.

It underscores just how important it is to get foundational things right. Clients want secure, reliable communication channels, responsive support, and clear documentation of how client data is protected. Firms that can demonstrate mastery of those fundamentals earn more client confidence than firms loading up on technology.

The Silence Around Breaches Is a Business Risk

The report’s most striking finding may be how rarely firms communicate with clients about cybersecurity at all. More than half of clients say their law firm has never proactively reached out to them on the subject. Most of those clients wish they would.

That’s a significant missed opportunity. Establishing a regular cadence of security updates, explaining how client data is protected, and sharing what the firm does when an incident occurs builds a foundation of trust that pays dividends when things get difficult.

When the report asked clients how they would respond to a breach, 53% said what mattered most was knowing what remediation steps the firm had taken. Clients understand that breaches happen. What they don’t forgive is finding out about one through a news article or discovering that their firm had no clear response plan.

Retention is a real concern. Thirty-five percent of clients have switched firms or seriously considered it due to technology or operational issues, citing issues like delays, billing errors, and poor communication. These are all solvable problems. They require investment in operational infrastructure and a deliberate decision to treat technology performance as a client experience issue.

AI Is Moving Fast, and Governance Hasn’t Kept Up

Sixty percent of law firm decision-makers report moderate or heavy AI use, with chatbots, legal research, contract analysis, and case prediction, among the most common applications. However, the governance infrastructure supporting that adoption is not keeping pace.

Thirty percent of decision-makers say implementing and managing AI is a major challenge, making it the second-biggest issue firms face with their technology partners. Thirty-eight percent worry about the accuracy and reliability of AI output. Thirty-five percent worry about ethical or regulatory risks, and an equal share worry about data privacy. Firms are moving quickly, but many aren’t fully prepared to manage what they’re deploying.

Clients have strong feelings about this. Eighty-five percent say firms should disclose when AI is used in their legal work. Their concerns center on accuracy, confidentiality, and the absence of human oversight. Thirty percent expect faster turnaround from AI-assisted work, while 29% expect higher quality. Both expectations carry an implicit demand that firms use the technology responsibly.

Firms recognize they need help navigating this. Forty-four percent want their technology partner to help vet ethical AI tools. Forty-one percent want support developing American Bar Association-aligned AI policies. Firms want partners who can help them adopt AI responsibly so they don’t scramble to manage problems after they arise.

What Law Firms Actually Need From a Technology Partner

There’s a recurring theme in how law firm leaders describe their frustrations with current technology partnerships. Twenty-eight percent cite a lack of legal industry expertise as a top challenge with their current provider. General-purpose technology partners may understand infrastructure, but they often don’t understand the specific regulatory requirements, client confidentiality obligations, and billing workflows unique to the legal sector.

As AI makes it easier for bad actors to launch attacks, law firms need to treat technology as both an IT challenge and a client experience issue. That means they need to solve the planning problem and home in on where they’re spending, where they’re exposed, and where investment would actually improve the client experience. 

Transparency Is the Competitive Differentiator

Clients are making retention decisions based on technology performance and communication, and they’re willing to act on those decisions. Sixty-nine percent say they would pay higher fees for faster, more seamless service, but 73% also say they’d be less likely to stay if fees increased without corresponding improvements in what they experience.

Firms that fail to communicate proactively about cybersecurity are creating the conditions under which those clients will quietly look elsewhere. Transparency must become a core part of the client relationship, not a crisis communication strategy deployed after something has already gone wrong.

error: Content is protected !!