The 2023 State of Cyber Security in Law study, run in partnership with AUCloud and LexVeritas, has revealed how much work the Australian legal sector has ahead of it to meet the increasing threat of cybercrime.
The study polled 106 law firms across Australia and New Zealand.
Recognizing the Reality of Cyber Threats
With sophisticated cyber-attacks and data breaches on the rise in all industries, it’s not surprising that 53% of firms indicated that their biggest operational challenge is currently cyber security.
A significant 84% of respondents expressed concerns about future cyber breaches, highlighting the growing awareness within the legal sector of the potential risks. This apprehension is fueled by the understanding that cyber-attacks are no longer isolated incidents; they can hit anyone at any time, with law firms a particularly rich target.
Peter Maloney, CEO of AUCloud, says, “Australia is one of the most (cyber) attacked countries in the world because of our significant economic position, strategic geopolitical position, and advanced technological infrastructure.”
Many firms aren’t just aware of the risk from news articles and industry reports; they’ve seen it first-hand. The study uncovered that 14% of respondents had experienced a cyber-attack attempt in the past year. These attacks encompassed a range of tactics, including phishing, identity-based attacks, malware, denial of service, spoofing, and insider threats.
Addressing the Challenge Head-On
To address these concerns and protect their clients’ data, law firms are taking concrete steps. Over 47% of surveyed firms have dedicated staff members responsible for managing and addressing cyber security risks, and 85% of survey respondents lean on external IT support.
However, more needs to be done. Over 50% of respondents were not confident their firm was as secure as it could be against a cyber-attack and 19% felt their company was not doing enough to protect itself.
One key challenge identified by respondents is the lack of employee awareness and training, leaving firms feeling vulnerable even as they attempt to mitigate cyber risks at strategy and policy levels.
A Call for Preparedness
While 34% of firms surveyed admitted to not having a published cyber incident plan, and 31% had incomplete ones, the survey results serve as a wake-up call.
“Although the volume of cyber threats in Australia is at an all-time high, they can be mitigated if the appropriate cyber security measures and protocols are in place. The issue we see is many organisations don’t act until it’s too late,” said Mr Maloney.
Ms Emma Elliott, CEO of the Australasian Legal Practice Management Association (ALPMA), said the results and report were a timely reminder to the legal industry.
“Cyber security is an ongoing and very real threat to our members and their firms. that’s why our association is partnering with industry experts to provide further education, support, and guidance in how to be more prepared.”