Business Cyber Security delivered via Cloud
Free Call:
Email:
Company Address:
116 Gawler Place
Adelaide SA 5000
Postal Address:
PO Box 1235,
Glenelg South SA 5044
Copyright © 2024 | Magnetic Alliance Cyber Pty Ltd | Designed by Magnetic Alliance
Impact of Cyber Attacks on Law Firms in Australia
Cyber attacks against businesses are on the increase globally; a trend that has accelerated due to the COVID Pandemic. One estimate states that ransomware attacks have increased by 500% since the start of the pandemic and the average payment has also increased by 43%.[i]
Australian businesses have felt the surge of cyber crime. Industry experts have indicated the annual monetary costs due to cyber crime could be as high as $29Billion per annum in Australia.[ii]
Unfortunately, Law Firms are a key target for cyber criminals. From July-December 2020, legal service firms were one of the top 5 industries in Australia to report an eligible breach as part of the Australian Government’s Notifiable Data Breach Scheme.[iii]
However, there are strategies business owners can put in place to drastically minimise the risk of a cyber attack.
The stats: cyber attacks on law firms
The recent Australian Cyber Security Centre Small Business report highlighted that 62% of small-medium businesses (less than 200 people) in Australia had experienced a cyber attack. However, the statistics on law firms alone in Australia are hard to come by. According to the Director of Australian Information Security Association, this is due to the fact that many cyber attacks go unreported. [iv]
“A lot of law firms would actually attempt to hide that (cyber attacks) information to the extent they can. They’ve got a vested interest in trying to save face. They’ve got a vested interest in not making a notification in certain circumstances.”
– Nicole Murdoch, Director Australian Information Security Association
Whilst the exact figures in Australia are not recorded, there is evidence that globally law firms are experiencing increased attacks, exacerbated by COVID-19 pandemic.
In the US, an American Bar Association report found 29% of law firms reported a security breach, and 1 in 5 weren’t sure if there had been a breach.[v] And a report from Law Society Gazette stated UK law firms had experienced a 300% increase in phishing attacks during the first two months of (COVID-19) lockdown alone.[vi]
Why are firms being targeted?
“Businesses that are most at risk of being targeted are those that hold personal or sensitive information on a lot of people or on particular individuals. Professional services such as law practices are at particular risk because they hold large amounts of detailed data about individuals.”[vii]
Cyber crimes are becoming increasingly sophisticated and strategic. This has resulted in both attacks becoming harder to defend against, and victims being more targeted. Whilst there are major attacks on large companies where attackers will demand millions, sophisticated attackers are targeting small to medium businesses with the following criteria:
Law firms fit all three categories in spades. Specifically, legal firms hold highly confidential information about clients that would often be detrimental if it were to be made public. Cyber criminals are aware of this and thus can easily hold firms to ransom by stealing and encrypting this data.
“Law firms and legal industry suppliers are high value targets for ransomware and cyber-attacks, as the data they house is always client-confidential and potentially industry-sensitive; and with the exponential business utilisation of technology this past year, law firms and law firm suppliers are becoming increasingly vulnerable to attack,”
Jeremy Duffy, Nexus Principal.[viii]
What is the impact of a cyber attack for law firms?
“There’s no question that data breaches and hacking activities are some of the biggest threats to legal and conveyancing professionals today,”
– Peter Maloney, GlobalX chief executive.[ix]
There are three core implications for law firms who experience a data breach or cyber attack.
Cyber criminals are almost always after one thing: money. This results in attacks where data is held to ransom and companies must pay a ‘fee’ for the data to be returned. It can also result in account fraud and redirection and social engineering – where scammers convince companies to pay false bills. However, the additional cost for many small businesses is the high downtime of production during an attack. On average, it takes 23 days to resolve an attack, and 51 days to resolve if the attack is by an employee.[xi] The resolve can be both costly to contract experts to solve, as well as costly due to the productivity lost.
Brand and reputation can be greatly impacted by a data breach. The Australian Notifiable Data Breach Scheme requires eligible companies, and/or breaches, to be officially registered. Further, the scheme requires all individuals impacted by the scheme to be notified. This can lead to both media scrutiny and leave clients feeling anxious and insecure. Further, brand implications can have lasting affects on long term business prospects.
The additional implications for legal firms stem from the expectation clients have of confidentiality. The Law Society of SA highlights that firms that do not adequately protect their client’s information could face:
What can law firms do to protect themselves?
The good news is there’s a solution. Firms can easily put in place systems and tools to dramatically reduce the risk of cyber attacks. Three key areas all business should implement are:
At Jam Cyber, our Cyber Security Management System includes all these areas. Contact our team today to ensure your law firm is cyber safe.
[i] https://theconversation.com/the-increase-in-ransomware-attacks-during-the-covid-19-pandemic-may-lead-to-a-new-internet-162490
[ii] https://www.nortonrosefulbright.com/en/knowledge/publications/18dae28e/2020-the-year-in-cyber-breaches#3
[iii] https://www.oaic.gov.au/privacy/notifiable-data-breaches/notifiable-data-breaches-statistics/notifiable-data-breaches-report-july-december-2020/#chart15
[iv] https://www.law.com/international-edition/2021/02/19/australian-law-firms-remain-vulnerable-to-cyber-attacks-experts-say/
[v] https://www.forbes.com/sites/forbestechcouncil/2021/03/12/ransomware-attackers-take-aim-at-law-firms/?sh=503c8950a13e
[vi] https://www.insurancebusinessmag.com/au/news/cyber/australian-legal-services-provider-hit-with-cyber-attack-240044.aspx
[vii] http://lca.lawcouncil.asn.au/lawcouncil/cyber-precedent-essentials/cyber-precedent-reality#ftnref1
[viii] https://nexuslawyers.com.au/about-nexus/cyber-security-measures-2021/
[ix] https://www.thelawyermag.com/au/news/general/how-many-law-firms-have-recently-suffered-cybersecurity-breaches/208077
[x] http://lca.lawcouncil.asn.au/lawcouncil/cyber-precedent-essentials/cyber-precedent-reality#ftnref1
[xi] http://lca.lawcouncil.asn.au/lawcouncil/cyber-precedent-essentials/cyber-precedent-reality#ftnref1
[xii] https://www.securelink.com/blog/reputation-risks-how-cyberattacks-affect-consumer-perception/
[xiii] https://www.lawsocietysa.asn.au/Public/Publications/Resources/CyberSecurity.aspx
[xiv] https://www.lawsocietysa.asn.au/Public/Publications/Resources/CyberSecurity.aspx
[xv] https://jamcyber.com/does-my-business-need-cyber-security/
Related Posts:
The Pros (and Cons!) of ISO 27001 for Australian SMEs
The Pros (and Cons!) of ISO 27001 for Australian SMEs Each year, the number of cyber risks faced by small
The Benefits of Restricting USB Access for Employees
The Benefits of Restricting USB Access for Employees One of the most underestimated measures for protecting an organisation’s data is
How and Why to Block HTM/HTML Attachments in Outlook 365
How and Why to Block HTM/HTML Attachments in Outlook 365 Microsoft Outlook 365 is one of the most popular business
Building a Positive Cyber Security Culture
Building a Positive Cyber Security Culture A successful cyber security culture starts at the top. We often hear the term
Recent Posts
Categories