Law firms, holding vast amounts of sensitive, confidential data, are increasingly becoming targets for cybercriminals, placing corporate clients at risk. In a 2023 lawsuit, Mondel?z faced legal action after its law firm, Bryan Cave Leighton Paisner, suffered a data breach, exposing sensitive employee data. This case highlights the growing concern that corporations could be held liable for their law firms’ cybersecurity failures. Legal experts warn that companies cannot outsource their “duty of care” and must take steps to mitigate risks, including evaluating law firms’ security practices, limiting data shared with outside counsel, and ensuring indemnity clauses are in place. With cybersecurity threats on the rise, companies need to rigorously assess third-party risk management, even with trusted law firms, to avoid potential financial and reputational damage. Proactive measures, like securing proper indemnity and data minimization, can help mitigate potential liabilities from such breaches.