Peter A Clarke

The Australian in Anxiety rising as law firms confirm cyber breaches reports on a survey conducted by the Australian Legal Practice Management Association and GlobalX that found almost 20 per cent of Australian law firms that responded had been victims of a cybersecurity breach. This figure is consistent with US findings, such as the Australian Bar Association 2017 Legal Technology Survey.

This is hardly news.  The American Bar released a report in January 2019 dealing with the threat to US law firms which also set out in a practical terms processes and systems which reduce a law firms exposure to a data security.  Australian law societies have come some way in doing something similar but not to the same extent. Unfortunately there seems to be a cultural problem with law firms resisting spending enough on IT security, spending what budgets they have badly and generally failing to develop and maintain decent privacy and data protection policies.  Training tends to be superficial and irregular.  Given the weakest part of any cyber defence is the humans manning the phones, responding to emails and operating the computers this is commonly a disaster waiting to happen.  Often the usual targets for phishing targets, junior administrative staff are ill prepared for an attack.

Law firms are particularly prone to phishing and hacking of email accounts.  Law firms, particularly those with a focus on commercial and property law, hold significant sums and bank details.  Law firms are also prone to ransomware.  In 2017 DLA Piper suffered a ransomware attack which forced it to shut down its world wide digital operations.

The other problem with law firms’ data security is the leakage of sensitive data to non authorised parties.  That can be a breach of ethics.  It happens more often than is admitted.  In the current Royal Commission into Lawyer X, Nicola Gobbo, the Age reported in July this year that the names of Gobbos handlers were sent to the lawyers for Gobbo’s former clients.

The Australian article provides:

The cyber breaches have come to light in a survey that also found 27 of the 172 firms covered by the survey — or just over 15 per cent — had been affected by recent data breaches.

While most cybersecurity breaches had taken place at ­medium to large firms, 87 per cent of firms covered by the survey were worried about the rise of this phenomenon.

The extent of cyber attacks on law firms has come to light in this year’s legal industry report by the Australian Legal Practice Management Association and ­online information company GlobalX.

The report also found that law firms of all sizes do not believe the average law graduate is adequately equipped with the skills they need for legal practice.

On cybersecurity, GlobalX’s Peter Maloney said Australian law firms should be taking the risk of hacking more seriously.

“It’s not only the information they hold on behalf of their clients, it’s the volume of funds that they hold in trust for their clients,” said Mr Maloney, who is GlobalX’s chief executive.

He cited the example of major law firms that might be involved in property developments that could leave them holding tens of millions of dollars in trust from purchasers.

The survey’s findings come soon after the Association of Corporate Counsel warned that law firms might be exposed to an increased risk of computer hacking after the High Court’s recent Glencore decision.

The court found that the Australian Taxation Office could use material covered by legal professional privilege that had been stolen from a law firm by hackers.

ACC vice-president Tanya Khan said the decision meant there was now potential for Australia to become the global repository for leaked or illegally obtained material.

On the skills deficit of legal graduates, the survey found that concern about the abilities of graduates was most apparent at small and large firms where 75 per cent of respondents did not believe graduates had the necessary skills.

Mr Maloney said the firms did not question the technical legal skills of graduates, but had identified a need for more work on “soft skills”.

“There is probably a need for a fair amount of work on how ­graduates need to learn to work in a team and communicate with work colleagues,” Mr Maloney said.

“The biggest area where improvement could occur is client interaction — and that has nothing to do with the technical side, it’s ­really about soft skills such as ­listening and communicating.”

He believed universities might need to focus more on preparing students to operate in a legal workplace.

The survey found 71 per cent of firms believed most graduates needed training in client interaction, 63 per cent nominated time management and 51 per cent said graduates needed to work on their writing skills.

The survey also found a degree of ambivalence among law firms about the use of artificial intelligence. More than 90 per cent believed technology would be essential to their success over the next five years, while 60 per cent believed they were well-equipped to deal with any changes. But half had no plans to outsource work to AI in the next two years.

Another 30 per cent of ­medium to large firms were concerned that future technologies might affect job security, while small firms were more confident with just 16 per cent concerned about the impact on job security.

But in almost 75 per cent of firms, the use of technology has lifted productivity.

The report accompanying the survey says technology is having a largely positive impact within legal workplaces.