I am just one of more than 200,000 people to have downloaded the Panama Papers, a record for hacked documents. It was a gold mine.

The release contained 11.5 million documents chronicling the formation and actions of 214,000 offshore companies along with the names and manipulations of more than 14,000 clients. Among the clients are:

12 heads of state

More than 150 politicians

29 billionaires on the Forbes list

Multiple financiers of terrorism

Nuclear-weapons proliferators

Prominent sports and entertainment figures

Numerous CIA-linked companies

Implicated as well are dozens of major banks that worked with Mossack Fonseca in establishing these offshore entities. Among them are the banking giants Credit Suisse, UBS, Landesbank, and Rothschild.

Mossack Fonseca is the fourth-largest "asset protection" law firm in the world, and its cybersecurity measures were obviously lacking. But they are not alone. Studies indicate that law firms are easy pickings for hackers, and Bloomberg reported last year that more than 80% of US law firms had already been hacked. Yet these law firms guard the gravest of our secrets, whether corporate secrets or those of an individual, and the damage done from a data breach could, as we might see, even bring down a head of state, as Iceland's prime minister is discovering.

Why are law firms so vulnerable?

The practice of law is a venerable profession in which change comes slow.

The magazine Law Practice Today noted that the law profession had only within the past four years woken up to the reality of cyberthreats: "The need for better cybersecurity has been the focus of considerable discussion by law firms for the past four years. While some law firms have recently awakened to this key issue, significant further work needs to be undertaken."

In America, over half a million attorneys are working in more than 4,500 law firms. This gives an average just over 100 lawyers per firm.

Cybersecurity budgets at any firm employing 100 people, if they exist at all, are minimal. For most businesses of that size, the risks, in terms of potential damage from a hack, are small. But the damage of a data breach in law firms is monumental.

All law firms will have the following information in their possession:

Case or litigation strategy information, including settlement parameters and argument weak points

Confidential client business information

Attorney-client privileged communications and other legally privileged information

Client intellectual property, such as patent, copyright, and trade-secret information

A range of personally identifiable information of all kinds for employees, clients, and third parties, such as personal health information and various account and account-access information that include customers' name and address information

Payment card information, including card numbers and PINs