In today’s digitized world, even sectors traditionally operated behind stacks of paper and in the hallowed halls of courthouses are not immune to cyber threats.

Law firms, often seen as bastions of confidentiality and professionalism, have found themselves under siege by an increasingly sophisticated array of cyber criminals.  

The situation’s urgency was brought into sharp focus in 2017 when global law firm DLA Piper fell victim to the NotPetya ransomware attack. The breach paralyzed their operations across multiple countries, costing the firm days of downtime and significant financial loss. It was a stark reminder: the legal industry is in the crosshairs of cyber attackers.  

With this rising tide of threats, particularly ransomware, it has become paramount for law firms to test their cyber response mechanisms. One of the most effective ways to do this is by running tabletop exercises, allowing firms to rehearse their reactions to simulated cyberattacks in a controlled environment. 

Why Law Firms are Prime Targets for Ransomware 

  • Sensitive Information: Law firms store vast amounts of confidential information, making them attractive targets. 
  • Potential for High Ransom: Given the critical importance of the data, attackers believe law firms might be more likely to pay substantial ransoms. 
  • Reputation at Stake: A breach’s reputational damage might push firms to settle ransom demands quietly. 

Benefits of Tabletop Exercises for Law Firms 

  1. Preparation: They simulate real-world ransomware attack scenarios, preparing participants for real threats. 
  1. Interdepartmental Collaboration: They foster teamwork between IT, legal, administrative, and management departments. 
  1. Skills Assessment: They allow firms to identify areas of strength and weakness in their cybersecurity response. 
  1. Client Trust: Being prepared for threats reinforces client trust in the firm’s ability to safeguard their data. 

Related: Unlocking the Power of Cyber Security Tabletop Exercises

Six Steps to Conduct a Ransomware Tabletop Exercise 

  1. Objective Setting: Understand what you aim to achieve. Do you want to focus on initial threat detection, containment, response strategy, or recovery? 
  1. Scenario Design: Create a fictitious ransomware scenario tailored to your firm’s operations. Make it realistic and base it on known ransomware tactics. 
  1. Roles and Responsibilities: Clearly define the roles of each participant – who’s playing the IT lead, the communications lead, the decision-makers, etc. 
  1. Conduct the Exercise: Walk participants through the scenario, prompting them with injects (new information) at various stages to drive decisions and actions. 
  1. Review and Feedback: Once completed, review the exercise’s outcomes, discuss the decisions made, and gather feedback. 
  1. Update Response Strategy: Use insights from the exercise to update your ransomware response strategy, ensuring you’re better prepared for a real attack. 

Key Takeaways from our Ransomware Scenarios  

  • Immediate Action is Crucial: At the first sign of a breach, initiate your response protocol. 
  • Client Communication: Clients will be concerned about their data; having a clear communication strategy is vital. 
  • To Pay or Not to Pay: Decide ahead of time if paying the ransom is even an option, and under what circumstances. 
  • Other Specific Findings: There are often many other issues that are specific to your environment when you conduct tabletop exercises.  

Resource: Principles of Simulation Exercises – Online Training Course


Ransomware threats are real, and law firms are lucrative targets. Through tabletop exercises, your firm can be better prepared to navigate the murky waters of a ransomware attack, ensuring you protect not only your data but also the trust of your esteemed clients. 

Remember, in cybersecurity, preparation isn’t just about prevention; it’s about ensuring efficient and effective response when threats do arise. 

Rob Burton
Rob Burton

Rob is a Principal at PreparedEx where he manages a team of crisis preparedness professionals and has over 20 years of experience preparing for and responding to crises. Part of his leadership role includes assisting PreparedEx clients in designing, implementing and evaluating crisis, emergency, security and business continuity management programs. During his career Rob has worked for the US State Department’s Anti-Terrorism Assistance Program, as a crisis management consultant in Pakistan and Afghanistan where he negotiated with the UN and Pashtun tribal warlords and he served with the United Kingdom Special Forces where he operated internationally under hazardous covert and confidential conditions. Rob was also part of a disciplined and prestigious unit The Grenadier Guards where he served Her Majesty Queen Elizabeth II at the Royal Palaces in London. Rob was a highly trained and experienced infantryman serving in Desert Storm and commanded covert operational teams and was a sniper. Rob has keynoted disaster recovery conferences and participated in live debates on FOX News regarding complex security requirements and terrorism. Rob has a Queen’s Commendation for Bravery.