Australian law firms ill-equipped for rising cyber threats

Australian law firms are dangerously underprepared in the face of increasing global cyber threats, a new survey has revealed.

The 2024 State of Cyber Security in Law Report indicates that more than half of the firms consider cyber security their most significant operational challenge, spotlighting severe deficiencies in their digital protections.

The survey, conducted by AUCyber in collaboration with LexVeritas and the Australasian Legal Practice Management Association (ALPMA), had a sample size of 140 legal firms. The data revealed that 56% of firms identified cyber security as their foremost concern, reflecting the sector's struggle with a remarkable uptick in cyber threats.

The survey findings show a marked increase in attempted cyber attacks, with 21% of firms acknowledging they had been targeted by cybercriminals, a 7% rise compared to the previous year. Phishing attacks, a common method of infiltration, impacted 81% of firms, signifying a 14% year-on-year increase.

Additional statistics from the report include:

• Spoofing attacks escalated from 23% to 35%.
• Malware attacks increased from 17% to 27%.
• Identity-based attacks surged from 25% to 35%.

Despite the uptick in attacks, 18% of firms felt they were inadequate in their protective measures, and another 26% were uncertain about their defence capabilities. Consequently, only 56% of firms expressed confidence in their current cyber security protocols.

"Some Australian law firms are dangerously underprepared," stated AUCyber CEO Peter Maloney. "The fact that 18% of respondents believe their firm was not doing enough to protect itself against a cyber-attack and 26% are unsure of their current protections is concerning." He added, "Without robust and effective cyber security protocols, firms face severe operational disruptions, financial losses, and irreparable reputational damage."

Emma Elliott, CEO of ALPMA, emphasised the importance of immediate action. "Our latest research continues to show the importance of, and need for, the legal industry to enhance their cyber defences and preparation plans to protect sensitive client data and maintain operational integrity," she said. "Law firms must continue to prioritise the strengthening of their cyber resilience through comprehensive solutions, robust employee training programs and seek expert guidance to safeguard against the growing threat landscape."

Maloney reiterated the necessity for significant investment in cyber protection measures. "Law firms should all be investing in strengthening their cyber defences with comprehensive detection and protection solutions, training, and specialist help with navigating governance, assessing risk, and meeting regulatory compliance," he noted. "At a base level, all law firms should have a cyber security strategy that considers 24/7 detection monitoring, phishing simulation, patching and maintenance of software and hardware, a documented and tested incident response plan, and be educating staff on how to recognise and mitigate attacks."

The 2024 State of Cyber Security in Law Report serves as a crucial resource for legal firms, providing comprehensive insights into the current threat landscape and actionable recommendations for improving cyber security measures. The report is accessible as a complimentary resource, offering vital guidance to help firms bolstering their defences against the rising tide of cyber threats.