Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

“We have backups” might be the most dangerous phrase in law firm IT. According to the ABA’s 2023 Legal Technology Survey, only 34% of law firms have an incident response plan – and far fewer regularly test their ability to actually recover from a disaster. Having backups and being able to recover from them are two very different things.

Most law firms have moved email, documents, and collaboration to Microsoft 365. And most assume Microsoft is backing up that data. They’re wrong. According to Microsoft’s own Services Agreement, “We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.” Microsoft provides infrastructure redundancy—if their data center has a problem, your data is replicated elsewhere.

Law firm economics are unforgiving. According to the Clio Legal Trends Report, the average attorney bills only 2.5 hours per 8-hour workday. When IT systems fail, that already-thin margin disappears entirely. Consider a 20-attorney firm with average billing rates of $350 per hour.

Here’s a number that should change how law firms think about IT security budgets: 37% of clients are willing to pay more for firms with strong cybersecurity measures. That’s not a soft preference – it’s a purchasing decision. According to the 2025 Integris Report on Law Firms and Cybersecurity, clients are actively factoring security into their choice of legal counsel.