In the episode, Haggar reflected that there is “no rest” on the horizon for lawyers in this space, with the remaining months of 2025 expected to be as manic as the start of the year has been.

“We are staying at full steam ahead,” she said, noting there are numerous factors driving such activity.

“One, the threat actors don’t take holidays, and in fact they take advantage of holidays to perpetrate their breaches while people are [out of the office], for example, for Good Friday and Easter, because that’s a really common time, just like Christmas and New Year’s Eve are.

“The second is we’ve got a lot of regulatory activity: we’ve got the new rules under the Cyber Security Act coming into force. We’ve got the new ransom reporting obligations coming into force. We have the new internet of things rules that are now published, which will come into force in 12 months’ time. So, businesses need to start to get ready. We have the APRA CPS 230 obligations, which start at the end of June. So, even if you’re not suffering a breach, there’s a lot of preparatory work that needs to be done to meet what ASIC and other regulators are considering minimum cyber security activities.

“So, unfortunately, no rest for cyber lawyers and for their clients. It’s going to be a busy year.”

VIEW ALL

The comments echo those of Pinsent Masons partner Veronica Scott, who told The Lawyers Weekly Show towards the end of last year why 2025 was shaping up to be such a pivotal 12-month period for lawyers in this space.

While there was a general slowdown in attacks as a lot of the threat actors globally were being incentivised for various reasons to focus their attentions on the US during its election cycle, attention has again turned to the rest of the world, Haggar explained.

During the Australian federal election campaign, she noted, increased attacks on Australian organisations were expected: “Not just the traditional attacks, particularly ones that law firms face around business, email compromises and funds transfers.”

Moreover, election-related attacks were also expected, she added, including misinformation attacks providing information about voting, with connections to national security.

These days, Haggar detailed, election disinformation and misinformation matters are “part of our remit as well”.

While the phishing and sending of information using IT systems “are our bread and butter, there’s a saying that all businesses now are part of the national security defence of Australia”.

“There is no organisation that’s not connected to the internet. And as soon as you’re connected to the internet, you, your systems, and your business become part of Australia’s national security picture,” she said.

“And so, any of the big brands in Australia can be used to send out certain information and be influenced, whether they intend to or not. Misinformation being perpetrated by threat actors online through all sorts of channels is probably an under a misunderstood and underestimated influence in [the] lead-up to elections and is not the traditional realm of where we are talking about cyber security as lawyers.”

There has been a “misconception for a long time”, Haggar said, that cyber security lawyers are just focused on privacy issues, or on cyber breach response.

Many lawyers in this space “have a really strong insurance background, but there’s a much broader range of skills needed to be a cyber security lawyer these days”.

Nowadays, she said, cyber lawyers “are drawing on the expertise of our government colleagues, of our litigation colleagues, and also bringing to the table those of us who’ve got national security experience as well”.

“Having to put all of those skills to test and keeping up with things, the pace of change in this area is really hard to keep up with – even for those of us who are doing it every day,” she said.

To listen to the full conversation with Annie Haggar, click here.