Cybersecurity, Wire Fraud, and Attorney Liability: The Growing Risk Landscape – JD Supra

Wire transfer fraud is on the rise, and attorneys are increasingly becoming prime targets for cybercriminals. With billions lost annually to fraudulent transactions, legal professionals who fail to implement robust cybersecurity measures can face negligence and legal malpractice claims from clients. At the same time, not all cyber insurance policies provide coverage for money held on behalf of others, such as IOLTA escrow accounts used for transactional purposes, leaving law firms exposed to significant financial and legal repercussions. Even worse, when firms sue their insurers over denied claims, courts generally side with the insurer rather than the policyholder.
Wire fraud involves business email compromise (BEC), where cybercriminals use phishing tactics or infiltrate email systems to impersonate attorneys, clients, or third parties involved in financial transactions. According to the FBI’s 2023 Internet Crime Report, cybercriminals stole approximately $2.9 billion through BEC scams, with law firms among the most common targets.
A recent case, DeLuca et al. v. SutterWilliams LLC et al. (2025), illustrates how devastating wire fraud can be for attorneys. A cybercriminal impersonated attorneys via email and tricked a law firm into wiring $442,600 from a decedent’s estate to a fraudulent account. The firms discovered the deception much later, while discussing (of all things) not accepting wire transfers, but by then the money was gone. The estate’s executor sued the attorneys for negligence, legal malpractice, breach of contract, and breach of fiduciary duty, claiming that their failure to verify transactions directly caused financial harm (Law360, 2025).
This case, while still pending, highlights how law firms, acting as fiduciaries, can face direct legal liability when failing to implement basic verification and cybersecurity protocols. Even if a firm is also a victim, clients can still hold attorneys accountable for failing to protect entrusted funds.
Attorneys have a duty of care to safeguard client funds and confidential information. If attorneys fail to implement cybersecurity safeguards, it can result in disciplinary action, malpractice claims, and reputational damage.
Even if an attorney did not knowingly facilitate a fraudulent transaction, failing to take preventive measures can expose them to liability. To mitigate these risks, attorneys must adopt proactive cybersecurity governance, including client data protection strategies and thorough verification protocols.
Many law firms assume that cyber insurance will cover wire fraud losses, but policies often contain exclusions that leave firms without coverage. There are several common gaps in policies, including:
Even when firms sue their cyber insurers over denied claims, courts often side with the insurer. According to Frederick Fisher in The Dangers of Late Notice under Professional Liability Policies and Claims-Made Insurance: The Policy that Changed the Industry, attorneys are the most common profession to have claims-made policy denials upheld in court (58 out of 224 cases). Courts consistently uphold denials based on:
One common mistake is assuming a cyber event is not a claim-worthy incident and waiting too long to notify the insurer. Cyber policies generally require notice when an event is first discovered, regardless of what the insured decides about “claim worthiness.” A policy requires that the insured cooperate with the carrier to investigate any loss, and carriers have the right to associate in an investigation to mitigate or recover a loss. Additionally, carriers have developed sophisticated relationships with law enforcement, including the FBI and Secret Service, to effectuate active recovery or “clawback” of misdirected funds. Delayed reporting significantly impairs the ability of carriers and their law enforcement partners to assist with active recovery. Given these requirements, law firms should immediately report suspected wire fraud, data breaches, or phishing incidents to preserve coverage.
Given these rising risks, law firms must take proactive measures to prevent cyber fraud and mitigate liability:
Wire fraud targeting attorneys is on the rise, and the legal and financial consequences of inadequate cybersecurity protections are severe. Law firms that fail to implement basic security measures may face negligence and legal malpractice lawsuits. At the same time, cyber insurance policies do not always provide coverage, and insurers often deny claims based on policy exclusions, reporting failures, or coverage gaps.
Attorneys cannot rely solely on insurance to mitigate these risks. Instead, they must proactively strengthen cybersecurity defenses, implement fraud prevention protocols, and ensure compliance with policy terms to protect both their clients and their firm’s financial stability.
© Integreon