81% of Australian law firms are getting phished: survey

The number of cyber-related incidents has risen in the past year

81% of Australian law firms are getting phished: survey

A whopping 81% of Australian law firms have been targeted by phishing attacks, according to the results of a survey conducted for the 2024 State of Cyber Security in Law Report.

This reflects a year-on-year increase of 14% compared to the previous data set, cybersecurity and sovereign cloud provider AUCyber noted. The percentage of cyberattack attempts has also ticked up by 7% since last year, hitting 21%.

Of the 140 legal firms that participated in the survey, 56% pinpointed cybersecurity as the most significant concern when it comes to business operations. As per the report findings, the percentage of spoofing attacks soared from 23% to 35%; that of malware attacks rose from 17% to 27%; and that of identity-based attacks went up from 25% to 35%.

Despite the increase in attacks, 18% of respondents felt that their organisation’s cybersecurity measures were inadequate.

“Some Australian law firms are dangerously underprepared. The fact that 18% of respondents believe their firm was not doing enough to protect itself against a cyber-attack and 26% are unsure of their current protections is concerning”, AUCyber CEO Peter Maloney said. “Law firms should all be investing in strengthening their cyber defences with comprehensive detection and protection solutions, training, and specialist help with navigating governance, assessing risk, and meeting regulatory compliance”.

He highlighted 24/7 detection monitoring, phishing simulation, patching and maintenance of software and hardware, a documented and tested incident response plan, and staff training on cyberattacks as must-have security measures for law firms.

Australasian Legal Practice Management Association (ALPMA) CEO Emma Elliott added that cybersecurity was “not a set-and-forget item”.

“Firms must actively continue to manage, review, test, and strengthen their security posture”, she explained. “Our latest research continues to show the importance of, and need for, the legal industry to enhance their cyber defences and preparation plans to protect sensitive client data and maintain operational integrity”.

The 2024 State of Cyber Security in Law Report was commissioned by AUCyber. LexVeritas and ALPMA partnered with AUCyber in producing the report.