Email Security Audit of Top New York Law Firms in 2026

An independent review of email security across New York’s top law firms reveals a wide range of performance. While some firms demonstrate strong email security controls, several of the most prestigious names in the country show meaningful weaknesses.

Email Security Scores of Top New York Law Firms

Here are the real audit results:

Key Findings

• Best Performers: Paul Weiss (75%) and Wachtell Lipton (74%) lead New York firms with excellent scores.
• Lowest Performer: Sullivan & Cromwell scored the lowest at 39%, indicating significant gaps in email authentication and security controls.
• Several elite New York firms are still scoring in the 50s or below, which is notable given the high-stakes M&A, private equity, and regulatory work they handle.
• Common weaknesses include weak DMARC policies and insufficient transport security (MTA-STS).

Why This Matters in New York

New York law firms manage some of the most complex and high-value legal work in the country. Weak email security increases the risk of Business Email Compromise, domain spoofing, and exposure of privileged client information.

These risks are especially relevant given New York’s strict expectations around data protection and professional responsibility.

Recommendations

New York law firms should prioritize:

• Implementing a strict DMARC policy (p=reject)
• Enabling MTA-STS and actively monitoring TLS reports
• Regularly auditing email and domain security configurations
• Conducting ongoing security awareness training

Protect your firm.

Run a free Instant Cybersecurity Audit at audit.emailmenow.com to see your firm’s current score and get specific recommendations.

Contact EmailMeNow IT Consulting for help improving your email security and overall compliance posture.

Even many of New York’s most elite and prestigious law firms still have meaningful opportunities to strengthen their email security foundations.