Share this article on:
Australian law firms are critically underprepared to defend themselves against cyber threats, according to a new report.
Research conducted for the 2024 State of Cyber Security in Law Report has revealed that law firms in Australia are concerned by their cyber security standards and have gaps in their cyber armour, which they are worried will let in threat actors.
The report, conducted by ASX-listed cyber security firm AUCloud in partnership with legal support provider LexVeritas and the Australasian Legal Practice Management Association (ALPMA), surveyed 140 legal firms.
The survey found that over half (56 per cent) of firms consider cyber security to be their biggest concern as a business.
The survey also found that cyber attacks in the industry had risen by 7 per cent, with over one in five (21 per cent) respondents saying they had been targeted by cyber criminals.
Phishing attacks were the most common form of cyber attack, with four in five (81 per cent) reporting phishing attacks, a 14 per cent year-on-year increase.
In regards to their firm’s cyber standing, 18 per cent said they believe their firm wasn’t doing enough, while 26 per cent were unsure.
“Some Australian law firms are dangerously underprepared. The fact that 18 per cent of respondents believe their firm was not doing enough to protect itself against a cyber attack and 26 per cent are unsure of their current protections is concerning,” said AUCloud CEO Peter Maloney.
“Without robust and effective cyber security protocols, firms face severe operational disruptions, financial losses and irreparable reputational damage.”
“Law firms should all be investing in strengthening their cyber defences with comprehensive detection and protection solutions, training and specialist help with navigating governance, assessing risk and meeting regulatory compliance.”
“At a base level, all law firms should have a cyber security strategy that considers 24/7 detection monitoring, phishing simulation, patching and maintenance of software and hardware, a documented and tested incident response plan, and be educating staff on how to recognise and mitigate attacks.”
ALPMA CEO Emma Elliott said that investment in good cyber security is a major priority.
“Law firms must continue to prioritise the strengthening of their cyber resilience through comprehensive solutions, robust employee training programs, and seek expert guidance to safeguard against the growing threat landscape,” said Elliott.
“This is not a set-and-forget item. Firms must actively continue to manage, review, test, and strengthen their security posture.”