The recent hack of one of the biggest celebrity law firms in the world should be a wake up call for law firms nationwide. As always, prevention is far better than reaction. Not only is a ransomware attack a major disruption and economic hit, and possibly a devastating one, it likely amounts to an ethical violation per the ABA – and failure to timely inform clients of an attack certainly is. Insurance coverage, if any, could be questionable. In one case cited in this post from Security Boulevard, the carrier did cover the $20,000 ransom but refused a claim for $700,000 in lost billings, and as a general matter “insurance carriers in 2020 are gearing up to litigate such claims.” As to the grim question of whether to pay up, even the FBI can’t seem to come up with a consistent answer. This post concludes with eight specific concrete steps firms can take to reduce their vulnerability.