GlobalX, in partnership with the Australasian Legal Practice Management Association, has found that one third of Australasian law firms are spending no time on cyber security training, despite statistics showing that Australians are spending more than $17 billion each year on combatting its impacts.
The research showed 79 per cent of legal professionals are concerned about cyber security but alarmingly, only 21 per cent have confidence that their firm would be able to handle a cyber-attack.
GlobalX’s CEO Peter Maloney said “lawyers and conveyancers host a vast amount of personally identifiable information (PII) which heightens their risk of cyber-attacks in an increasingly digitised world,” and highlights a need for firms to be investing in cyber security training and technology to mitigate the risks posed.
A major cause of breaches, Mr Maloney said, is both obsolete and new technology.
“In 2018, there have been an unprecedented volume of cyber security breaches involving a property transaction whereby a consumer has lost the funds to settle a property transaction,” he gave as an example.
“It is clear that the lack of investment in regular cyber-security training and slow adoption of modern technology is leaving an open door for cyber-criminals,” Mr Maloney continued.
“Legal firms cannot simply rely on a software vendor.”
Instead, “they must wrap their technology investments in advanced proactive and reactive monitoring software and extensive staff training,” he continued.
The rising trend of cyber security threats and the lackadaisical approach taken by law firms is posing a “multimillion-dollar” risk to the industry, according to Deloitte’s Asia Pacific leader for cyber risk, James Nunn-Price.
He said “the industry needs to avoid being the weak link as enterprises and end clients invest in cyber security.”
Ransomware, which is often used for the taking over of email communications between parties, “is one of the most prevalent global cyber crime threats and currently costs the Australasian legal industry millions annually,” Mr. Nunn-Price noted, highlighting that “criminals can request large sums of money before returning access to confidential client information.”
This confidential data can then be used for insider trading and identity fraud.
Mr Maloney also holds concern about the ways in which law firms are protecting their most valuable assets: their confidential client information.
“While the majority of legal firms are aware of the Notifiable Data Breach Scheme, the research shows that simple awareness is not enough to protect firms against cyber security risks,” he said.
“Our industry needs to invest in regular cyber security training and modern technology to protect against the second most reported economic crime.”