Imagine you’re a cybercriminal looking to steal some lucrative corporate information—valuable trade secrets, perhaps, or maybe insider securities material. You could try hacking into a bank, but their security measures are increasingly strong. A phishing attempt may work, but again, many companies are growing more sophisticated. Instead, if you’re smart, you’ll go after the lawyers. Law firms, due to the nature of their business, are swamped with sensitive documents and many have notoriously poor data security, making them tempting, and potentially lucrative, targets.

It makes sense, then, that hackers are increasingly targeting law firms. One out of every 10 advanced cyberattack is aimed at a law firm, according to the Harvard Journal of Law & Technology, with the Ponemon Institute estimating that the average data breach costs $7.2 million, or $214 per client record.