Lawyers and law firms are at risk of data security breaches and must have reasonable measures in place to address cyber security. This presentation will discuss some of the practical risks associated with data security and the ethical obligations of lawyers in dealing with cybersecurity issues. A lawyers primary ethical duties involve the duty of competency, which requires a reasonable understanding of issues involving technology and data security, and the duty of confidentiality, which requires that lawyers take reasonable steps to protect their communications with clients and their clients electronic data, and the duty to disclose significant developments related to the representation, including possible security breaches. We will discuss ethics opinions concerning reasonable measures and preparation for cyber incidents, as well as several common scenarios including ransomware, phishing, lost laptops, missing smartphones, and cybersecurity when working remotely. In addition, we will discuss the availability of cyber insurance. In addition, we will discuss ethical implications of recent data protection initiatives, including implementation of the right to be forgotten. We will discuss planning for a cyber security incident and disclosure to clients.