AUCyber logo
2024 State of Cyber Security in Law Report

A new survey by Australia’s legal industry’s peak body has revealed a critical vulnerability among Australian law firms, with more than half citing cyber security as their greatest operational challenge and exposing severe gaps in their defences.

Research for the 2024 State of Cyber Security in Law Report shows 56% of firms highlighting cyber security as their biggest concern as a business, while the sector is grappling with an alarming rise in cyber threats.

The survey of 140 legal firms was undertaken by ASX-listed cyber security and sovereign cloud provider AUCyber, in partnership with legal support provider LexVeritas and the Australasian Legal Practice Management Association (ALPMA).

The response showed an alarming rise in cyber-attack attempts, with 21% of firms saying they had been targeted by cybercriminals, representing a 7% rise on the previous year.

Phishing attacks remain rampant, impacting 81% of firms, with a year-on-year rise of 14% from the previous data set.

More figures from the 2024 State of Cyber Security in Law Report:

  • Spoofing attacks increased from 23% to 35%

  • Malware attacks increased from 17% to 27%

  • Identity-based attacks increased from 25% to 35%

Despite criminals ramping up their attacks on practices, a staggering 18% of firms said they did not believe their firm was doing enough to protect itself against possible cyber attacks and another 26% were ‘unsure’. That leaves just 56% of firms confident in their current cyber security defence measures.

AUCyber CEO Peter Maloney said the lack of protection and awareness from a large percentage of law firms was a ‘doomsday scenario’ that could lead to a major data leak or attack.

“Some Australian law firms are dangerously underprepared. The fact that 18% of respondents believe their firm was not doing enough to protect itself against a cyber-attack and 26% are unsure of their current protections is concerning,” Mr Maloney said.

“Without robust and effective cyber security protocols, firms face severe operational disruptions, financial losses and irreparable reputational damage.”

ALMPA CEO Emma Elliott said with cyber threats escalating, it’s imperative for all law firms and suppliers to the legal industry to invest in robust security measures.

“Our latest research continues to show the importance of, and need for, the legal industry to enhance their cyber defences and preparation plans to protect sensitive client data and maintain operational integrity,” Ms Elliott said.

“Law firms must continue to prioritise the strengthening of their cyber resilience through comprehensive solutions, robust employee training programs and seek expert guidance to safeguard against the growing threat landscape.

“This is not a set-and-forget item. Firms must actively continue to manage, review, test and strengthen their security posture.”

Mr Maloney said legal practitioners and firms need to start ramping up their cyber protection measures as criminals and hackers become more motivated and sophisticated.

“Law firms should all be investing in strengthening their cyber defences with comprehensive detection and protection solutions, training and specialist help with navigating governance, assessing risk and meeting regulatory compliance,” Mr Maloney said.

“At a base level, all law firms should have a cyber security strategy that considers 24/7 detection monitoring, phishing simulation, patching and maintenance of software and hardware, a documented and tested incident response plan, and be educating staff on how to recognise and mitigate attacks.”

The 2024 State of Cyber Security in Law Report is available to download as a complimentary resource.

Access report