find the latest legal job
Part Time Risk & Compliance Officer
Category: Other | Location: Brisbane QLD 4000
· Brisbane City · Flexible Part Time Hours
View details
Infrastructure Lawyer/SA
Category: Construction Law | Location: Sydney CBD, Inner West & Eastern Suburbs Sydney NSW
· Global elite law firm · Dedicated Infrastructure team
View details
In-House Legal Counsel (Mid to Senior)| Regulated Markets (Energy and Gas)
Category: Generalists - In House | Location: Melbourne CBD & Inner Suburbs Melbourne VIC
· Full PD on Request · Exciting High Impact Role
View details
Family Lawyer
Category: Family Law | Location: Eastern Suburbs Melbourne VIC
· Boutique Firm · Great Reputation
View details
Infrastructure Lawyers
Category: Construction Law | Location: All Perth WA
· We'd be particularly interested to hear from you if you were a lawyer who knows your way around the infrastructure and energy sectors.
View details
Firms, MPs could be exposed to cyber security liability

Firms, MPs could be exposed to cyber security liability

Jenny Thornton

Professional services firms, including legal, are now expected to take proactive steps to protect themselves from cyber attacks or risk liability exposure, lawyers have warned.

At a recent meeting, Clyde & Co partner Jenny Thornton (pictured) and senior associates Tim Searle and Steven Donley told Lawyers Weekly that the standard of care expected of companies in relation to cyber threats was increasingly high.

“Your standard of care 12 months ago, 18 months ago or two years ago, is very different to what the appropriate standard is now,” Ms Thornton said.

She suggested the firm had seen an uptick in claims for cyber breaches, citing an example where a hacker intercepted a client’s emails to their accountant and then forged a reply to authorise a trust account transfer.

As these attacks become more commonplace, however, she warned both companies and law firms would be held to increasingly stringent standards.

“From a professional’s point of view – including from a law firm's point of view – we are now having to upgrade our systems to deal with these issues,” she said.

“It won't be sufficient now just to have an email from clients authorising transfer of trust funds.”

As a minimum, she recommended firms encourage face-to-face meetings to establish the clients identify and discuss sensitive information.

In addition, firms should introduce authorisation passwords or security questions for any authorisations, establish confidential storage systems that are disconnected from networks, and double-check email authorisations via alternative means of communication.

“If you're not introducing those systems – the double-checks or triple-checks – you may be considered negligent, under your PI insurance or to the client,” she warned.

This increased responsibility is partly due to growing awareness of cyber attacks, Mr Searle suggested.

While it may once have been hard to anticipate a threat, the growing number of attacks have provided companies an insight into potential dangers.

“The criminals are getting more sophisticated but they're developing recognisable streams of attack,” Mr Searle said.

“It's quite exciting – for the first time, we can see where it's all heading.”

In particular, he suggested insurance companies were increasingly updating their professional indemnity policies to account for cyber attacks – which, in turn, often created new obligations for firms to meet that policy criteria.

The expected standard of care has also changed as regulators provide wider community information around cyber threats, Mr Donley said.

He pointed to ASIC’s Cyber resilience: Health check report released in March last year, which provided a checklist for companies seeking to protect their technology systems.

At the same time, Ms Thornton warned directors and officers, including managing partners, may be exposed to personal liability for cyber breaches in future.

“The one thing we haven't seen, but I'm expecting, is directors' and officers' claims,” she said.

“I think there is potentially exposure for directors, making sure their companies have enough cyber resilience.”

As an example, she explained, if a company’s share value crashed as a result of a cyber attack, the directors could theoretically find themselves on the hook for not taking steps to prevent the hack.

“We haven’t seen any of those yet but that would be a worry, both for managing partners of law firms, or accounting firms, but also directors of companies,” she said.

Like this story? Read more:

QLS condemns actions of disgraced lawyer as ‘stain on the profession’

NSW proposes big justice reforms to target risk of reoffending

The legal budget breakdown 2017

Firms, MPs could be exposed to cyber security liability
lawyersweekly logo
Promoted content
Recommended by Spike Native Network
more from lawyers weekly
Law Council of Australia
Nov 21 2017
LCA calls for urgent adoption of ‘game-changing’ recommendation
The Law Council of Australia has urged for the immediate adoption of a key recommendation put forwar...
Sally Wheeler
Nov 20 2017
ANU College of Law appoints new dean
A distinguished legal academic and the former head of law of a higher education institution in Irela...
Nov 17 2017
It's time for politicians to commit to eradicating domestic violence
The national shame of domestic violence cannot be left unaddressed, writes Christine Smyth. ...
Allens managing partner Richard Spurio, image courtesy Allens' website
Jun 21 2017
Promo season at Allens
A group of lawyers at Allens have received promotions across its PNG and Australian offices. ...
May 11 2017
Partner exits for in-house role
A Victorian lawyer has left the partnership of a national firm to start a new gig with state governm...
Esteban Gomez
May 11 2017
National firm recruits ‘major asset’
A national law firm has announced it has appointed a new corporate partner who brings over 15 years'...
Nicole Rich
May 16 2017
Access to justice for young transgender Australians
Reform is looming for the process that young transgender Australians and their families must current...
Geoff Roberson
May 11 2017
The lighter side of the law: when law and comedy collide
On the face of it, there doesn’t seem to be much that is amusing about the law, writes Geoff Rober...
May 10 2017
Advocate’s immunity – without fear or without favour but not both
On 29 March 2017, the High Court handed down its decision in David Kendirjian v Eugene Lepore & ...