“Law firms are being heavily targeted now because they have a lot of sensitive information and they need to operate,” said Brian Levine, managing director of Ernst & Young’s cybersecurity and data privacy practice.