Cyooda CEO John Reeman, a former Biglaw CISO, shares his expertise in responding to cyber incidents and explains why being prepared is critical during the first 72 hours of a breach.
When your law firm suffers a cyber attack, the clock starts ticking. What you do next, in the first few hours, can mean the difference between a quick recovery and months of disruption, client loss, and lasting damage to your reputation.
For Australian law firms, the threat is no longer hypothetical. Ransomware groups and email attackers are actively targeting legal practices because they know you hold what they want: sensitive, privileged, high-value data.
This isn’t just about your IT team. It’s a leadership issue. A reputational issue. A regulatory issue.
The moment your security operations team starts to notice suspicious behaviour or alerts of suspected intrusion, the clock starts ticking. It’s a cat-and-mouse game, and what you do next and how you respond will decide your future. We recently helped a Biglaw firm respond to a cyber breach and were able to contain the threat within 12 hours. Fortunately, they were prepared, had the right tooling, had a plan in place and called us in early. If there had been any delay, which we sadly see all too often, the outcome would have been very different.
The Australian Cyber Security Act now requires timely notification of cyber extortion or ransomware payments. Insurance policies often require immediate containment actions and forensic evidence. Clients expect transparency, but only after you’ve taken the right internal steps.
Do you know who takes the lead when an incident hits?
Who gets called first: your insurer, the regulator, or your board?
How will you protect legal privilege while communicating externally?
If journalists get wind of the incident, are your people ready?
These aren’t theoretical questions; they’re what real firms are grappling with under pressure, often for the first time, and in public view.
At Cyooda, we’ve helped respond to hundreds of incidents across the legal and corporate world. Through our penetration testing assessments, aimed at identifying key gaps in an organisation’s defensive measures, we see the same patterns show up time and again:
Response plans that are outdated or sitting in a drawer
No clear roles or decision-makers
Poor coordination between legal, IT, execs and marketing
Delayed response due to confusion or inaction
No understanding of where sensitive data or critical assets reside
Lack of rapid incident response capabilities and slow containment of threats
Poor defensive controls, lack of auditing and governance
These gaps lead to costly delays and give attackers more time to move, exfiltrate data, or demand a ransom.
We’ve condensed decades of digital forensics and cyber incident response experience into something practical for firms just like yours:
We call it the 72-Hour Cyber Crisis Response Kit.
It’s free and designed to help you lead confidently in the face of a cyber crisis.
Inside the kit, you’ll get:
A crisis response plan framework workflow tailored for law firms
Templates for notifying clients, media, and the OAIC
Evidence preservation tips to support legal proceedings
A ransomware response workflow template
Access to our Interactive Cyber Response Tool Scorecard
The scorecard uses our Cyooda Security Colour Code Method, a framework refined over 25 years responding to ransomware, business email compromise, and insider threats. It helps you assess readiness across essential areas like:
Crisis management and executive decision-making
Communication and reporting
Backup and restoration
Forensic readiness
Containment and threat removal
You’ll come away with a clear score and actionable next steps.
Law firms are now one of the top four sectors reported to the OAIC. Clients, insurers, and regulators are all expecting a higher bar, and law societies across Australia are signalling that cyber governance is now part of professional conduct.
If you’re on a legal panel or working with financial institutions, you’ve likely already seen mandatory cyber requirements. More will follow.
Cyber preparedness is no longer just smart risk management; it’s becoming a condition of doing business.
✅ Get the kit. Score your readiness.
✅ Use it to identify gaps.
✅ Start building your firm’s muscle memory before it’s tested.
✅ Use the plan to implement actionable next steps.
This is your chance to prepare with purpose, detect what matters most and respond with confidence when it counts.