A third of law firms in Australia are not investing in cybersecurity training.
The insight came from a study conducted by GlobalX and the Australian Legal Practice Management Association (ALPMA). The research also showed that a minority of legal professionals are confident that their firms can tackle a cyber attack.
“Lawyers and conveyancers host a vast amount of personally identifiable information (PII), which heightens their risk of cyber attacks in an increasingly digitised world. The research shows 79% of legal professionals are concerned about cybersecurity, but only 21% are confident that their firm can handle a cyber attack,” said Peter Maloney, GlobalX CEO.
“We see both obsolete and new technology as a major cause of breaches. In 2018 there have been an unprecedented volume of cybersecurity breaches involving a property transaction whereby a consumer has lost the funds to settle a property transaction. Legal firms cannot simply rely on a software vendor; they must wrap their technology investments in advanced proactive and reactive monitoring software and extensive staff training. It is clear that the lack of investment in regular cybersecurity training and slow adoption of modern technology is leaving an open door for cyber criminals,” he said.
He also said that while the majority of legal firms are aware of the Notifiable Data Breach Scheme, the study found that simple awareness is not enough to protect firms from cybersecurity risk.
“Our industry needs to invest in regular cybersecurity training and modern technology to protect against the second-most reported economic crime,” he said.
James Nunn-Price, Deloitte Asia-Pacific leader, said that professional services firms need to keep up with clients that are investing in cybersecurity.
“The industry needs to avoid being the weak link as enterprises and end clients invest in cybersecurity. Ransomware, often used to take over email communications between parties, is one of the most prevalent global cyber-crime threats and currently costs the Australasian legal industry millions annually,” Nunn-Price said. “These criminals can request large sums of
money before returning access to confidential client information. Meanwhile, this data can be used for insider trading and identity fraud.”