An independent cybersecurity review across Pennsylvania’s top law firms reveals a wide range of performance. While some firms demonstrate solid email security controls, several of the largest names in Philadelphia and Pittsburgh show meaningful weaknesses.
Cybersecurity Scores of Top Pennsylvania Law Firms
Overall compliance scores from audit.emailmenow.com. Re-run any domain at the link to verify.
| Rank | Law Firm | Overall Score | Performance |
|---|---|---|---|
| 1 | Fox Rothschild | 64% | Good |
| 1 | Pietragallo Gordon Alfano Bosick & Raspanti | 64% | Good |
| 1 | White and Williams | 64% | Good |
| 4 | Morgan, Lewis & Bockius | 60% | Above Average |
| 5 | Dechert | 54% | Average |
| 5 | Blank Rome | 54% | Average |
| 5 | Ballard Spahr | 54% | Average |
| 5 | Eckert Seamans Cherin & Mellott | 54% | Average |
| 9 | Reed Smith | 50% | Below Average |
| 10 | Buchanan Ingersoll & Rooney | 48% | Below Average |
| 10 | Marshall Dennehey | 48% | Below Average |
| 12 | Stradley Ronon | 45% | Weak |
| 12 | Post & Schell | 45% | Weak |
| 14 | Klehr Harrison Harvey Branzburg | 44% | Weak |
| 15 | Cozen O’Connor | 39% | Weakest |
| 16 | Saul Ewing | 38% | Weakest |
Key Findings
- Best performers: Fox Rothschild, Pietragallo, and White and Williams tie at the top with 64% — but no Pennsylvania firm reached a strong (70%+) posture.
- Lowest performers: Saul Ewing (38%) and Cozen O’Connor (39%) trail the field, indicating significant gaps in email authentication and transport security.
- A large cluster of well-known firms sits at 54% and below, notable given the high-stakes corporate, litigation, and regulatory work Pennsylvania firms handle.
- Common weaknesses include weak DMARC policies and missing transport security (MTA-STS).
Why This Matters in Pennsylvania
Pennsylvania law firms manage privileged client information across corporate, healthcare, and financial matters. Weak email security increases the risk of Business Email Compromise, domain spoofing, and exposure of confidential client data — undermining the duty of confidentiality under the Pennsylvania Rules of Professional Conduct.
Recommendations
Pennsylvania law firms should prioritize:
- Implementing a strict DMARC policy (p=reject)
- Enabling MTA-STS and monitoring TLS reports
- Regularly auditing email and domain security configurations
- Conducting ongoing security awareness training
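To make the first two recommendations concrete, the following added example (not code from the audit tool or from this article's author) grades the three DNS-published artifacts involved: the DMARC record at `_dmarc.<domain>`, the MTA-STS record at `_mta-sts.<domain>` with its `mta-sts.txt` policy body, and the TLS-RPT record at `_smtp._tls.<domain>`. The function names, the `strict.example` domain and all sample records are constructed for illustration.

```python
def parse_tags(record):
    """Split a 'k=v; k=v' TXT record into a dict of lower-cased tag names."""
    pairs = (part.strip().partition("=") for part in record.split(";"))
    return {k.strip().lower(): v.strip() for k, sep, v in pairs if sep}

def check_dmarc(record):
    """Findings for the TXT record published at _dmarc.<domain>."""
    tags = parse_tags(record or "")
    if tags.get("v") != "DMARC1":
        return ["no valid DMARC record"]
    findings = []
    policy = tags.get("p", "missing").lower()
    if policy != "reject":
        findings.append(f"p={policy}, not reject")
    if tags.get("sp", "reject").lower() != "reject":
        findings.append(f"sp={tags['sp']} weakens subdomains")
    if tags.get("pct", "100") != "100":
        findings.append(f"pct={tags['pct']}, policy covers only part of the mail")
    if "rua" not in tags:
        findings.append("no rua= address for aggregate reports")
    return findings

def check_mta_sts(txt_record, policy_text, tlsrpt_record):
    """Findings for _mta-sts TXT, the mta-sts.txt body, and _smtp._tls TXT."""
    if parse_tags(txt_record or "").get("v") != "STSv1":
        return ["no MTA-STS record"]
    lines = (line.partition(":") for line in (policy_text or "").splitlines())
    policy = {k.strip(): v.strip() for k, sep, v in lines if sep}
    findings = []
    mode = policy.get("mode", "missing")
    if mode != "enforce":
        findings.append(f"mode={mode}, not enforce")
    if parse_tags(tlsrpt_record or "").get("v") != "TLSRPTv1":
        findings.append("no TLS-RPT record, TLS reports are not collected")
    return findings

# Constructed sample records (not taken from any audited firm).
WEAK_DMARC = "v=DMARC1; p=none; pct=50"
STRICT_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@strict.example"
STS_TXT = "v=STSv1; id=20240101000000"
STS_POLICY = "version: STSv1\nmode: testing\nmx: mail.strict.example\nmax_age: 604800"
TLSRPT = "v=TLSRPTv1; rua=mailto:tlsrpt@strict.example"

if __name__ == "__main__":
    print(check_dmarc(WEAK_DMARC))
    print(check_mta_sts(STS_TXT, STS_POLICY, None))
```

A domain that publishes MTA-STS in `testing` mode without a TLS-RPT record gets neither enforcement nor visibility, which is why the check reports both.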
Protect your firm. Run a free Instant Cybersecurity Audit at audit.emailmenow.com/?industry=law-firms to see your firm’s current score and specific recommendations.
Contact EmailMeNow IT Consulting for help improving your email security and overall compliance posture.
Source & methodology: Overall compliance scores from the free scan at audit.emailmenow.com — each domain checked for email authentication (SPF, DKIM, DMARC), transport security (MTA-STS/TLS), website security headers, and network security. Re-run any domain at the link to verify.