Queensland Law Society

Is it Ethical (or legal) for law firms to pay cyber-ransom?

Is it Ethical for a Solicitor to pay ransom to unlock data?

Cyber-attack is an increasing reality for law firms of all sizes.  Prevention, of course, is better than cure by an order of magnitude.  But if the bad guys get through, one option to recover crypto-locked data is the payment of a ransom.  There has been doubt whether this is ethical for legal practitioners, who have a paramount duty not merely to observe the law but to actively uphold it. Our guidance on the subject concludes that, subject to some limited exceptions and at this point in time, it is not inconsistent with a solicitor’s paramount duty to pay cyber ransom if necessary.