Every lawyer dreads falling victim to a ransomware, malware, or phishing attack. But an even worse fate is suffering a data breach without having a plan in place, a panel of privacy practitioners told the audience May 31 at a recent American Bar Association conference.

Firms can’t rely on just cybersecurity measures to protect them, because lawyers themselves are often to blame when hackers get through the gates. Steven M. Puiszis, the deputy general counsel and privacy and security...