Legal Firm Survey: Cybersecurity

By admin - April 5, 2018

Pitcher Partners recently conducted our fourth annual Legal Firm Survey. The survey was designed to gain further industry insight and to help firms make informed decisions during times of rapid change.

Download the full report here.

Law firms appear to be under-prepared for cyber-attack

With cybercrime now the number one economic crime in Australia, organisations of all sizes, across all industries, are falling victim to data breaches. As legal firms hold, or have access to, intellectual property or commercially sensitive information regarding their clients, it is inevitable they will be targets of cyberattacks. Firms must prepare for “cyber threats” and ensure robust preventative measures are in place and kept up to date to keep their data, and their clients’ data, safe and secure.

A number of recent cybersecurity attacks on law firms have forced firms to confront these realities. Despite this, only 13% of our survey respondents said they had a disaster recovery plan in place in the event of a cyberattack. This suggests the legal profession is still playing catch-up with other industries when it comes to cybersecurity. Whilst large firms are doing a lot of work to protect themselves, smaller law firms may not have the resources or general awareness to tackle the threat.

As of 22 February 2018, organisations with a turnover of $3 million or more fall within the scope of the new Privacy Act measures requiring mandatory notification of cybersecurity breaches.

Under the new laws, in the event of a breach, firms must demonstrate how they have complied with the relevant legislation and taken reasonable steps to protect the firm’s data and systems. Penalties of up to $1.7 million for companies and $340,000 for individuals may be payable for non-compliance with the new Privacy Act measures. These penalties do not include the cost of reparation for clients impacted by the breach. Firms should therefore evaluate their cybersecurity policies and incident reporting mechanisms to ensure they meet their obligations under the Privacy Amendment (Notifiable Data Breaches) Act 2017.
