Lawyers and Cybersecurity: Talk to An Experts. Before It’s Too Late

By Stephen Embry on March 16, 2026

At Legalweek, while everyone else was talking about AI features, I sat down with Michel Sahyoun of NopalCyber to talk about something the legal profession isn’t paying nearly enough attention to: cybersecurity in the age of GenAI.

Some facts: the average time to exploit a breach is 29 minutes. AI tools can automatically and repeatedly probe for vulnerabilities. Cyber insurance that may not cover what you think it does. Backup systems that aren’t contractually required.

Law firms are particularly exposed and particularly complacent. Lawyers are bored by cybersecurity discussions. That’s a dangerous combination.

Here is my post for Above the Law.

TechLaw Crossroads is a no-bullshit blog written mainly by me. As Harold Ross, the New Yorker founding Editor said, “Everybody knows the news. Now tell us something about it.” That’s my goal. I am a former lawyer who practiced as a partner with a large law firm for the better part of 30 years. I was a trial lawyer, mostly in mass tort and, later, in data breach, privacy, and cyber insurance areas. I also write for Above the Law.

I am a panelist on LegalTech Week, a weekly roundtable of legal tech journalists where we discuss the most significant legal tech stories of the week.

Je ne regrette rien