Legal sector “shockingly” vulnerable to cyberattacks, say experts