Waking up to the news of a cyberattack is becoming almost a daily occurrence, and cyber risk looms at the forefront of many in-house lawyers’ minds. Companies may be creating better training, investing in security systems and bringing in consultants to avoid falling victim to a breach.

But that effort could be for naught if companies’ outside law firms, which receive some of their clients’ most valuable data, don’t hold up their end of the cybersecurity bargain with strong defense systems.