Fenix24, an industry-leading cyber disaster recovery company, and the International Legal Technology Association (ILTA), today announced the release of their latest joint report, “Security at Issue: 2025 State of Cybersecurity in Law Firms.” The report offers a deep dive into the current cybersecurity practices, gaps, and risks facing legal organizations worldwide.

The legal sector has entered a new era of threat exposure that is defined not just by digital vulnerabilities, but by the rising cost of operational failure. Law firms are being targeted by skilled, persistent threat actors who bypass basic defenses, extract sensitive client data, and use it for extortion. Notably, Fenix24 and ILTA’s report found that phishing, which was introduced as a new category this year, took the top spot, cited by 50% of respondents, surpassing longstanding concerns like ransomware and user behavior, signaling a shift toward more sophisticated, human-operated attack methods.

“At Fenix24, we’re seeing a move from malware-based attacks to highly targeted, human-operated campaigns, and the industry’s defenses commonly haven’t kept up,” said John Anthony Smith, Founder & Chief Security Officer of Fenix24. “This year’s cybersecurity benchmarking report shows a pivotal shift in how law firms perceive and experience cyber risk, with too many firms being unprepared for the recovery phase, lacking immutable backups and tested incident response plans to restore operations after an attack.”

The report, based on 2024 survey results, also highlights several alarming trends that continue to leave law firms vulnerable to disruption and data loss, even as awareness grows. Additional key findings include:

• Immutable backups remain underutilized. Half of firms have at least one backup system capable of immutability, yet just 27% rank backups as a top-three security control.
• MFA (Multi-Factor Authentication) coverage is inconsistent across high-value systems. Despite MFA being a key defense against ransomware, only 18% of firms apply MFA to production storage and 37% apply it to backup storage.
• Security confidence is declining. Only 38% of firms consider themselves “very secure,” down from 50% in 2023. Yet, the percentage of firms that acknowledge known security gaps increased from 14% to 23%.
• External assessments and tabletop exercises are driving change. These internal evaluations are now tied with client requirements as the top drivers of security investment (53%), reflecting growing pressure to identify and act on vulnerabilities proactively.
• Persistent access and lateral movement remain major weaknesses. Many firms continue to allow unapproved remote access tools and weak segmentation, giving attackers prolonged control and the ability to escalate an incident across systems.

“As threat actors shift to more targeted and human-led attacks, the legal industry must move beyond just compliance,” said Corey Simpson, Chief Operating Officer at ILTA. “Our report with Fenix24 emphasizes that recovery readiness is no longer optional and firms must invest in the ability to restore operations quickly, protect sensitive data under pressure, and maintain client trust.”

To read the full report, visit: https://fenix24.com/iltareport2025/

About Fenix24

Fenix24 is the global leader in breach recovery, providing assured and battle-tested cyber resilience solutions. With a mission to redefine how organizations recover from cyber incidents, Fenix24 combines expert-driven response, cutting-edge technology, and a proven track record of restoring businesses faster and more securely than ever before.

For more information, visit www.Fenix24.com

Fenix24 is the “world’s first civilian cybersecurity force,” with four time-tested battalions:

Fenix24 / Ransomware rapid response, remediation and recovery
Athena7 / IT security assessments, strategy and planning
Grypho5 / Ongoing, security-based management
Argos99 / Expert insights into data, assets and infrastructure

About ILTA

The International Legal Technology Association (ILTA) serves the professional needs of more than 25,000 international legal technology professionals and their organizations. Since its founding in 1980, the association’s focus is to achieve results for our membership and the legal technology profession at large. Much of the value we provide as an association occurs through the coordinated efforts with our global volunteer membership teams.

The post Phishing Tops List of Threats in Legal Industry as Only 50% of Law Firms Report Having Immutable Backups, Fenix24 and ILTA Report Finds appeared first on citybiz.

This contant was orignally distributed by citybiz. Blockchain Registration, Verification & Enhancement provided by NewsRamp™. The source URL for this press release is Phishing Tops List of Threats in Legal Industry as Only 50% of Law Firms Report Having Immutable Backups, Fenix24 and ILTA Report Finds.