Index  ›  world  ›  City PM
world · City PM ↗

Professional services firms the

City PM Published Jun 19, 2026 Reviewed Jul 3, 2026 ✓ Reviewed by citations.press editors
Citation-ready fact
Law firms are the current top target for cyberattacks due to the valuable client information they hold.
View source ↗
Citation-ready fact
Cybercriminals, including the 'silent ransom' collective (Luna Moth and Chatty Spider), are focusing on quiet data theft rather than encryption-based ransomware.
View source ↗
Citation-ready fact
In 2023, magic circle firm Allen & Overy (now A&O Shearman) was targeted by the LockBit ransomware group, which threatened to leak data stolen from a small number of the firm’s storage servers.
View source ↗
Citation-ready fact
Stewarts Law reported incidents in which criminals impersonated the firm, sending fraudulent emails and faxes to the public to exploit its brand identity.
View source ↗
Citation-ready fact
Cyberattacks on high street businesses like M&S last year triggered a wave of boardroom-level shifts in attitudes toward cybersecurity and increased demand for cyber insurance.
View source ↗

Professional services firms, particularly law firms, are the “current flavour of the month” for cyberattacks, driven by the valuable client information the sector guards.

Speaking to City PM, Holly Waszak, head of cyber claims advocacy at Marsh, said: “We’re seeing insurers come to us with law firms on their books, and they are trying to engage with clients as much as possible to forewarn them.”

Due to the nature of the work professional services firms carry out, they are seen as high‑value, information‑rich targets for cybercriminals. Firms hold all sorts of highly confidential information on file for clients, from M&A deals and trade secrets to contentious employment matters, exposing firms of all sizes to these threats.

Waszak highlighted that, because of this sensitive information, groups such as the ‘silent ransom’ collective, which includes Luna Moth and Chatty Spider, instead focus on quiet data theft rather than noisy encryption.

“They are using phishing tactics… so, calling these kinds of employees, partners, saying ‘we really need to access your computer, it’s your IT help desk support, can you give me remote access’.”

“Once they’ve got that access, they are immediately exfiltrating data, and they’re not bothering with deploying ransomware or encrypting data. They are simply exfiltrating whatever they can… then working out what they’ve got, and then extorting their victims, such as ‘we have all of this data from your clients, and you do not want this to be leaked, so here is our demand’,” she added.

This isn’t a new attack for law firms. Back in 2023, magic circle firm Allen & Overy (now A&O Shearman) was targeted by the notorious LockBit ransomware group, which threatened to leak data stolen from a small number of the firm’s storage servers. Most recently, Stewarts Law reported incidents in which criminals impersonated the firm, sending fraudulent emails and faxes to the public to exploit its brand identity.

For firms, the question is no longer whether they will be targeted, but how well they respond when they are. Waszak describes it as “not a matter of when, it’s if, and response is key”.

Leaders are urged to develop incident response plans that name decision‑makers, insurers, forensic providers, external counsel, and PR advisers, and that are rehearsed. “The incident response plan isn’t a stale document on a shelf,” she warned; tabletop exercises are essential to “flex those muscles”.

Waszak also argued that culture is as important as controls, as staff have to feel safe admitting a mistake quickly: “Anyone could do it, anyone can make that mistake,” she says, but the real danger is when employees stay silent and “threat actors can lurk on the systems for months”.

Last year, the headlines were lit up by cyberattacks targeting the most notable businesses on the high street, including M&S. This led to a wave of boardrooms shifting their attitudes towards cyber security, sparking demand for insurance coverage.  

This article was originally published by City PM ↗. citations.press indexes the source-backed facts above and links to the original. Something wrong? Corrections policy · Report an error