Skip to main content
Please enter a legal issue and/or a location
Begin typing to search, use arrow keys to navigate, use enter to select

Find a Lawyer

More Options

Should Lawyers Urge Clients to Take Action on Cybersecurity?

By Casey C. Sullivan, Esq. on September 29, 2016 | Last updated on March 21, 2019

It's axiomatic these days that companies need to take cybersecurity seriously, lest they end up like the next Yahoo!, who recently revealed that it suffered the largest hack ever, potentially jeopardizing its plans to be acquired by Verizon. But cybersecurity protections can be restrictive and expensive, leading some clients to overlook them for as long as they can.

What's a lawyer to do? Surprisingly, the jury is still out, with some attorneys urging their colleagues to become more proactive in promoting cybersecurity among their clients, while others suggest a more cautious approach.

The Case for Being a Cybersecurity Advocate

Those arguing for a proactive approach to client cybersecurity include Alan Winchester, a partner at New York's Harris Beach. Speaking at ALM's cyberSecure conference on Wednesday, Winchester urged attorneys to ask their clients about data protection and tell them to seek out outside counsel should they be hacked or attacked, the New York Law Journal's Nell Gluckman reports.

"Rather than seeing cybersecurity as a reductive, restrictive, disabling part of our operations, I challenge every lawyer in the room to see it as an enabler," Winchester said. He recommended that firms develop data breach plans and have outside experts on call, should they need them. (It should be mentioned that Winchester is also a consultant at HB Solutions, a wholly-owned subsidiary of Harris Beach, which offers data privacy and cybersecurity services.)

And the Case Against

Not everyone was convinced. Solo practitioner Anand Ahuja wondered whether it was wise to offer advice about cybersecurity "unless my client comes to me and asks for a vendor," Gluckman reports. Ahuja's main concern seemed to be the risk of liability should things not work out.

"If something goes wrong, you are the co-defendant. Any advice you give has no value unless you're being asked," he said.

Winchester didn't entirely disagree, acknowledging that "you assume some risk by bringing another person to the table." But "the key is vetting," he argued, so that you can ensure that the person you recommend has the necessary skills and aptitude. Providing skilled, qualified experts can help attorneys attract "better clients," Winchester argued.

And the Jury Says?

We're inclined to side with Winchester here. Attorneys often advise clients about beneficial services the client might not have specifically asked for -- the crass term for this is "cross selling" -- whether it's estate planning or data protection.

And if you're doing your job well, making sure that any course of action you suggest to a client is a wise one and that the services you offer are actual what the client needs, the risks are likely to be minimal.

But that's just our two cents.

What do you think? Weigh in below.

Should lawyers proactively recommend cybersecurity protections for clients?
No, not unless the clients ask.
Yes, if it will benefit the client.
It depends...
online poll

Related Resources:

You Don’t Have To Solve This on Your Own – Get a Lawyer’s Help

Meeting with a lawyer can help you understand your options and how to best protect your rights. Visit our attorney directory to find a lawyer near you who can help.

Or contact an attorney near you:
Copied to clipboard