“It’s an issue about the data, fundamentally,” says Jake Olcott, a vice president at BitSight Technologies, a cybersecurity rating company. “More organizations that have this sensitive data internally are doing better to protect themselves, and so the bad guys who are interested in this data are having to turn to what they perceive are the weakest links in the supply chain. That’s why law firms are such targets.”