Managing Cyber Risks in Professional Services Firms

Sam Pitruzzello
February 25, 2019

Simply relying on technology such as spam filters, anti-virus/malware and firewalls isn’t enough to comprehensively protect your firm from cyber-attacks.

Many large companies and government organisations have experienced significant cyber-security incidents despite investing large sums of money not only in technology but also in dedicated cyber-security experts who keep watch around the clock. Cyber-criminals are becoming more sophisticated and can defeat just about any system and technology put in place. They are continually building their arsenal of attack vectors and searching for weak points to access sensitive information. Now, you may be thinking, “why would cyber-criminals target my small company?” The answer is simple – you are most likely an easy target and a possible way into your big clients (large corporates and government departments). A good example is the 2017 attack on the Australian Defence Force’s multi-billion dollar Joint Strike Fighter program and surveillance plan projects, where 30 gigabytes of data were stolen, including information on its warship and submarine fleet (Clout, 2018). How did the cyber-criminals get into the ADF? They managed to hack their way into the ADF through one of its smaller sub-contractors.

The weakest link in any organisation is people – do you really know what your employees are getting up to online? Dark Reading’s Strategic Security Survey showed that over twenty-five percent of cyber-security breaches are caused by insiders – your trusted employees. The report also found that 44 percent of organisations say authorised users and employees pose the greatest threat to data security and 61 percent of organisations believe negligent users will be the primary cause of a data breach in the next 12 months (Vijayan, 2018). Cyber-criminals understand these weaknesses and use them to their advantage by launching sophisticated cyber-attacks, including social engineering and advanced persistent threats (APT), to get to the information they’re after.

Professional services firms, in particular accounting and legal firms, have rich client data and a wealth of personally identifiable information. This type of information is attractive to cyber-criminals. More importantly, professional services firms are knowledge-based organisations that rely heavily on computer and information systems. Therefore, reliable, uninterrupted access to systems and data is crucial for business operations. An excellent case study of how a professional services firm suffered as a result of a cyber-security attack is DLA Piper. DLA Piper, like many large global companies, had its entire operations crippled by the Petya ransomware in June 2017. The Petya ransomware attack struck across the globe, taking out servers at Russia's biggest oil company and shutting down computers at multinational businesses, including the Australian offices of DLA Piper (ABC News, 2017). Ransomware is malicious software that locks up computer files with unbreakable encryption and then demands a ransom in the virtual currency bitcoin for their release.

Global law firm DLA Piper was the victim of this cyber incident, and it is believed that the initial site that was infected was based in Eastern Europe. Australian staff were advised that all DLA Piper IT systems had been taken down to contain the situation and were warned not to attempt to log in to their computers or turn them on. DLA told its employees that it was unlikely IT systems would be fully restored during the course of the business day in the Asia-Pacific region (ABC News, 2017). It took DLA Piper 2 weeks to fully restore its IT systems. During this time, employees were encouraged to work from home and use personal email messages to communicate with clients.

Fortunately, there are two important strategies you can implement to reduce your risks – educate your people and take out a dedicated cyber-insurance policy. Education is an important component in protecting your business and employees from cyber-attacks. In the DLA Piper case, the ransomware that infected all computer systems globally would have started from at least one person opening a malicious email. Business Email Compromise (BEC) and email phishing remain the most widely used cyber-attack vectors. Organisations that have trained their users through simulated phishing tests and security awareness training can significantly reduce these risks. From a risk management and business insurance perspective, many insurance companies now offer dedicated cyber-insurance policies that provide further cover for your business. The premiums on cyber-insurance policies can be reduced by demonstrating an organisation-wide commitment to reducing the risks of cyber-attacks by implementing appropriate technologies, strengthening business processes and investing in the education of your employees.


ABC News 2017, ‘Petya cyber attack: Ransomware virus hits computer servers across globe, Australian office affected’, ABC News, accessed 8 February 2019.

Clout, J 2018, ‘More needs to be done by SMEs on cyber security: Angus Taylor’, Australian Financial Review, accessed 18 December 2018.

Vijayan, J 2018, ‘Data Breaches: Vulnerability Rising’, Dark Reading.
