A study* of Australia’s top law firms has revealed the legal industry is at risk, concerned and underprepared for cyber-attacks.
The latest research conducted by peak industry body, the Australasian Legal Practice Management Association (ALPMA), and ASX-listed cyber security provider AUCloud captured the sentiment of 16% of the Association’s member firms, with respondents highlighting cyber security as the biggest challenge facing their law firm.
Peter Maloney, CEO of AUCloud, said fuelling the concern is the recognition that cyber-attacks can now happen to anyone, with the study revealing 14% of respondents having experienced a cyber-attack attempt in the past 12 months.
“Australian law firms know they are at risk, with 84% of respondents directly concerned about future cyber breaches,” Maloney said.
The cyber-attacks witnessed by law firms who participated in the survey included phishing, identity-based attacks, malware, denial of service, spoofing, and insider threats.
Over 50% of respondents were not confident their firm was as secure as it could be against a cyber-attack, and 19% felt their company was not doing enough to protect itself.
Whilst over 47% of firms had dedicated employed staff managing and addressing cyber security risks, it is not enough to put them at ease. The number one reason firms believed they were underprepared for a cyber-attack was a lack of employee awareness and training.
A lack of resources is impacting their preparedness, with 34% of firms surveyed not having a published cyber incident plan and 31% having an incomplete one.
Maloney said he was not surprised by the results and expects we would find similar results across other industries.
“Cybercrime is unfortunately the biggest threat to Australian business and is one of our fastest growing industries globally, and it has no prejudice,” Maloney stated.
“The Australian legal industry is aware of this risk and is seeking external assistance, with 85% of survey respondents using external IT support.”
“Australia is one of the most (cyber) attacked countries in the world because of our significant economic position, strategic geopolitical position, and advanced technological infrastructure,” Maloney said.
“Although the volume of cyber threats in Australia is at an all-time high, they can be mitigated if the appropriate cyber security measures and protocols are in place. The issue we see is many organisations don’t act until it’s too late.”
"Protecting client data isn't just a legal requirement; it's the foundation of trust in the legal profession."
Emma Elliott, CEO of the Australasian Legal Practice Management Association (ALPMA), said the results and report were a timely reminder to the legal industry.
“All businesses need to be well prepared for cyber-attacks, but legal firms have an added responsibility to their clients and the industry for the information they keep”.
“Our members vary in size from those with sophisticated cyber security infrastructure and systems in place to those who simply do not have the internal human resources to keep up with the changing face of cyber-attacks, and therefore rely on external parties to help to protect themselves and their clients’ information,” Elliott stated.
“Cyber security is an ongoing and very real threat to our members and their firms. that’s why our association is partnering with industry experts to provide further education, support, and guidance on being more prepared.”
AUCloud is a leading Australian sovereign cloud and cyber security solutions provider, specialising in supporting critical national industry businesses and Governments with the latest cloud infrastructure, backup and cyber security threat defence and response services.
Follow the link for further information regarding AUCloud.
* The 85 law firms surveyed in the study represented key industry organisations and were all members of Australasian Legal Practice Management Association (ALPMA).
Disclaimer: The views and opinions expressed in this article do not necessarily reflect the official policy or position of Novum Learning or Legal Practice Intelligence (LPI). While every attempt has been made to ensure that the information in this article has been obtained from reliable sources, neither Novum Learning or LPI nor the author is responsible for any errors or omissions, or for the results obtained from the use of this information, as the content published here is for information purposes only. The article does not constitute a comprehensive or complete statement of the matters discussed or the law relating thereto and does not constitute professional and/or financial advice.