Aussie firms ‘dangerously underprepared’ for cyber threats
A new report shows that law firms across the country remain critically underprepared and vulnerable to cyber threats and will be unable to defend themselves.
Editor’s note: This story first appeared on Lawyers Weekly’s sister brand, Cyber Daily.
The report, conducted by ASX-listed cyber security firm AUCloud in partnership with legal support provider LexVeritas and the Australasian Legal Practice Management Association (ALPMA), surveyed 140 legal firms.
The survey found that over half (56 per cent) of firms consider cyber security to be their biggest concern as a business.
The survey also found that cyber attacks in the industry had risen by 7 per cent, with over one in five (21 per cent) respondents saying they had been targeted by cyber criminals.
Phishing attacks were the most common form of cyber attack, with four in five (81 per cent) reporting phishing attacks, a 14 per cent year-on-year increase.
In regard to their firm’s cyber standing, 18 per cent said they believed their firm wasn’t doing enough, while 26 per cent were unsure.
The report follows AUCloud’s commentary from April of this year that cyber attacks were now a daily occurrence across the law firm landscape in Australia.
“Some Australian law firms are dangerously underprepared. The fact that 18 per cent of respondents believe their firm was not doing enough to protect itself against a cyber attack and 26 per cent are unsure of their current protections is concerning,” said AUCloud chief executive Peter Maloney.
“Without robust and effective cyber security protocols, firms face severe operational disruptions, financial losses and irreparable reputational damage.”
“Law firms should all be investing in strengthening their cyber defences with comprehensive detection and protection solutions, training and specialist help with navigating governance, assessing risk and meeting regulatory compliance.”
“At a base level, all law firms should have a cyber security strategy that considers 24/7 detection monitoring, phishing simulation, patching and maintenance of software and hardware, a documented and tested incident response plan, and be educating staff on how to recognise and mitigate attacks.”