Cyber security skills fall short in law firms
Almost half of the legal industry reported Australia’s cyber security laws are insufficient and 72 per cent are concerned current regulations are open to privacy breaches.
In LexisNexis’s 2019 Decoding Cybersecurity: Cause and Effect Survey, respondents reported that despite 60 per cent of legal practitioners operating in this area, more than 85 per cent believe the industry still needs to upskill in cyber security measures.
LexisNexis Australia managing director Simon Wilkins said it was concerning, but not surprising, that a significant number of legal practitioners struggle to maintain expertise given the constantly evolving regulator and technological environment.
“It is alarming that the legal industry lacks preparedness and skills for protecting their own firm’s sensitive data which, when appropriated, can be leaked, or sold or held for ransom by malicious hackers,” Mr Wilkins said.
Mr Wilkins added it was “equally concerning” that the industry lacks the confidence in the current Australian cyber security regulations, with 72 per cent reporting they believe the recent Encryption Bill potentially allows for a breach of privacy.
Moreover, almost half of practitioners said they are not well prepared to act in case of a cyber attack and, while faced with a growing cyber security-related workload, 60 per cent are not confident in their knowledge of the notifiable data breaches scheme.
“Despite this alarming statistic, little is being done to address the skills gap with just a third of practitioners spending more than an hour a month training themselves or staff on cyber security,” said LexisNexis in a release on the study.
The demand for an increase in cyber security skills in firms is driven by the introduction of the GDPR, the Assistance and Access Act and a range of regulations which impact Australian businesses of all shapes and sizes.
As a result of growing cyber security threats and legislative changes, 58 per cent said their firm’s cyber security practice group billings increased by over 5 per cent. Almost 40 per cent said their billings increased up to 20 per cent, compared to prior years.
Head of International Cyber Policy Centre, Fergus Hanson, said cyber security should not be just an IT problem: “It’s everyone’s problem.”