We are generally reluctant to offer advice to the judicial branch on mandating particular continuing legal education classes. The breadth of different practices in most cases defies requiring CLE on specific topics. Because it affects everybody, however, we urge that a course in cybersecurity be required of all attorneys—at least one in the next four years, when the requirement could be reconsidered.

The importance of cybersecurity and risks from sloppy practices are impossible to overstate.  Lawyers deal with the most confidential client records. Hackers are becoming more sophisticated. The American Bar Association Formal Ethics Opinion 477R (May 22, 2017) concluded that lawyers must make reasonable efforts to ensure communications are secure and not subject to inadvertent or unauthorized cybersecurity breaches.