Legal Ethics’ Next Frontier: Lawyers and Cybersecurity

47 Pages Posted: 28 Jan 2016 Last revised: 15 Jul 2016

See all articles by Eli Wald

Eli Wald

University of Denver Sturm College of Law

Date Written: January 28, 2016


The inherent uncertainty surrounding cyberattacks on law firms – who perpetrated the attack, what information was compromised, and what damage, if any, did clients suffer as a result of the attack – renders liability controls such as malpractice lawsuits and market controls such as being fired by a client ineffective means of regulating lawyers’ cybersecurity conduct. Of course, some lawyers have been at the forefront of practicing diligent cybersecurity. Yet, because practicing cybersecurity is expensive and the technological learning curve for lawyers is steep, in the face of under-regulation and few practical consequences for inaction, some lawyers may fail to reasonably defend against cyber-threats, the known risks notwithstanding.

This article argues that the under-regulation of lawyers’ cybersecurity conduct can be effectively addressed by promulgating rules of professional conduct, which will require lawyers to adopt and implement cybersecurity plans for all clients, define the meaning of “reasonable efforts” necessary to prevent the unauthorized disclosure or access to confidential client information, and mandate disclosure to clients of cyberattacks and information theft.

Part I of the article summarizes the knowledge lawyers have recently gained about cybersecurity, namely who is attacking them, why, and what can be done to defend against cyberattacks. Part II examines the under-regulation of lawyers’ cybersecurity conduct and its consequences. Part III advances a proposal for a regulatory response, in the form of new and revised rules of professional conduct designed to ensure that lawyers make reasonable efforts to protect clients’ confidential information.

Suggested Citation

Wald, Eli, Legal Ethics’ Next Frontier: Lawyers and Cybersecurity (January 28, 2016). 19 Chapman Law Review 501, 2016, U Denver Legal Studies Research Paper No. 16-04, Available at SSRN:

Eli Wald (Contact Author)

University of Denver Sturm College of Law ( email )

2255 E. Evans Avenue
Denver, CO 80208
United States


Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics