Allen & Overy risks losing trust if it stays silent on cyberattack

afr.com:

The Australian arm of Allen & Overy risks losing trust with clients and the public if it stays silent on the cyberattack the international legal firm suffered last week, the former boss of the government’s cybersecurity agency said.

Alastair MacGibbon, the former head of the Australian CyberSecurity Centre and an adviser to two prime ministers, told The Australian Financial Review that “the fact [Allen & Overy] is not making any comment is unhelpful”.

CyberCX chief strategy officer Alastair MacGibbon says Allen & Overy are not being helpful. 

The firm, which has approximately 25 partners and 130 fee-earning lawyers in Australia, counts critical infrastructure assets NBN Co and Port of Melbourne among its Australian clients.

Russian-linked hacking group LockBit is threatening to release files stolen from the London-based firm on the dark web from November 28.

A spokesperson for the Australian Signals Directorate said the ACSC was “aware of a cyber incident” involving the firm but said specific questions about it should be directed to Allen & Overy.

The Australian arm of the firm declined to comment on Tuesday, after saying on Monday it had “nothing further to add”.

A Home Affairs Department spokesperson said the government was aware of the cyberattack, and the National Office of Cybersecurity “stands ready to assist the Australian arm of the firm if required”.

Mr MacGibbon, who is now chief strategy officer at CyberCX, said “I suspect, since they are a law firm, they are spending most of their time worrying about the legal implications of speaking”.

The ASD’s annual cyber threat report has highlighted a “disturbing trend” of efforts to assist companies being hampered by lawyers primarily concerned with future damages