Here's a hypothetical but very possible scenario for a law firm: A hacker emails a law firm leader, saying he has obtained confidential and sensitive client information from the firm and will make it public unless the hacker is paid millions, in an apparent ransomware attack.

What should a firm do?

A panel of experts weighed in Thursday at a cybersecurity discussion during the American Bar Association's annual meeting in New York.