Australian law firms are facing a critical juncture in their cybersecurity preparedness, according to the latest findings from the 2024 State of CyberSecurity in Law Report. Conducted by AUCyber in partnership with LexVeritas and the Australasian Legal Practice Management Association (ALPMA), the report surveyed 140 law firms.
The results reveal that cybersecurity in law firms is now seen as the most pressing operational challenge for over half of these firms.
2024 State of Cybersecurity in Law Report
The 2024 report highlights a notable rise in cyberattacks on Australian law firms. Specifically, 21% of respondents reported being targeted by cybercriminals in the past year—a 7% increase from the previous year. The prevalence of phishing attacks is particularly alarming, impacting 81% of the firms surveyed, marking a 14% increase from the year before.
The data further highlights a significant rise in various cyber threats. Spoofing attacks have seen a dramatic increase, jumping from 23% to 35%. Similarly, malware attacks have surged, rising from 17% to 27%. Additionally, identity-based attacks have also grown notably, with their prevalence increasing from 25% to 35%.
Despite these online threats, there remains a gap in cybersecurity readiness among legal firms. The report indicates that 18% of firms feel their current protective measures are inadequate, while 26% are unsure about their defense capabilities. Consequently, only 56% of firms expressed confidence in their existing cybersecurity protocols.
Australian Law Firms are Critically Unprepared
Peter Maloney, CEO of AUCyber, expressed grave concern about the findings. “Some Australian law firms are dangerously underprepared,” he stated. The fact that 18% of respondents believe their firm is not doing enough to protect itself from a cyber-attack, and 26% are uncertain about their current protections, is troubling. Without robust and effective cybersecurity measures, firms face severe operational disruptions, financial losses, and irreparable reputational damage.
Emma Elliott, CEO of ALPMA, also highlighted the urgent need for action. “Our latest research underscores the importance of enhancing cyber defenses within the legal industry,” she remarked. “Law firms must prioritize the strengthening of their cyber resilience through comprehensive solutions, robust employee training programs, and expert guidance to safeguard against the growing threat landscape.”
Maloney further emphasized the necessity for substantial investment in cyber protection. “Law firms should be investing in comprehensive detection and protection solutions, ongoing training, and specialist assistance with governance, risk assessment, and regulatory compliance,” he advised. At a minimum, all law firms should implement a cybersecurity strategy that includes 24/7 detection monitoring, phishing simulation, regular patching and maintenance of software and hardware, a documented and tested incident response plan, and staff education on recognizing and mitigating attacks.