As Australia heads into 2025, sweeping reforms are transforming our digital landscape. The landmark Cyber Security Act 2024, alongside major privacy and Digital ID reforms, signals a significant overhaul of Australia's digital regulations. From mandatory ransomware payments reporting to enhanced privacy protections and a new Digital ID framework, these changes set clear expectations for how organisations handle cyber threats and personal information. With implementation deadlines approaching, businesses and government agencies face crucial decisions about compliance and digital security. Discover how these reforms will reshape Australia's digital future and what your organisation needs to know to prepare for the changes ahead.

The 2023 cyber incident affecting HWL Ebsworth was hardly the first data breach to have an impact on an Australian legal practice, but it was the largest and most devastating in terms of impact across individuals and sectors.

In the world of cyber risk, it’s often said that “humans are the weakest link,” which can be an exercise in blaming and shaming that is hardly helpful and puts a huge and unfair responsibility on individuals who may make a single, understandable mistake.

With cybersecurity breaches again in the news, and the announcement of Australia’s first cybersecurity coordinator to lead responses to cyber-attacks, we wanted to share some crucial insights that could significantly impact your law firm's security and reputation. Cybersecurity breaches result in serious financial losses, legal and regulatory non-compliance, and reputational damage. Cybercrime has become the number one business risk that law firms must prepare for.

This article has been accepted for Publication in IEEE Xplore and is © IEEE.

The banking system is part of Australia’s critical infrastructure, and integrity and trust in transactions is essential to our financial system.

The recent spate of reported cyber-attacks is likely due to both increased frequency and greater reporting obligations under Australian law.

Even without a formally recognised duty of technological competence, such a duty might be inferred by an Australian court having regard to reported levels of cybercrime, other professional duties and the official warnings by regulatory bodies.

Cybercrime is challenging organisations everywhere, with daily news stories about businesses, government organisations and even global IT companies that have been hacked. Law societies and insurers have been warning lawyers about cyber risk, in particular…

Be proactive in understanding your practice’s cyber security profile – do not regard it as a ‘set and forget’ issue.

Managing cyber risk is now an integral part of legal practice, and law firms should consider both risk management and risk transfer via insurance when planning cyber risk response.

Our article by Simone featured in the Law Society Journal, December 2018. Click though to read the full article where Simone discusses the types of scams impacting legal practices, and how they actually work. She highlights possible dangers in outsourcing responsibility for cyber resilience to external IT consultants and, how do different insurance policies respond?

Insights: Regardless of size, cyber risk is a significant risk to all law firms. Professional indemnity policies often provide broad coverage for third party claims but not the firm’s own losses. Cyber insurance can offer different, additional types of cover including specialist technical support.

Podcast: Panel discussion on Cyber Security for lawyers, featuring Simone as one of the panellists.

The Untold Story of NotPetya, the Most Devastating Cyberattack in History contains a fascinating discussion. Read the full article by Andy Greenberg on Wired.com