Cybersecurity misconduct risks for Victorian lawyers
Episode Summary: Victorian lawyers are now being held to a minimum cybersecurity standard, and failure can lead to professional misconduct findings. This episode examines cybersecurity professional misconduct risks, what regulators expect in practice and how new privacy and ransomware laws raise the stakes for every firm, big or small. Guest: • Simone Herbert-Lowe, founder, Law & Cyber • Professional indemnity specialist with more than 30 years of legal experience • Expert at the intersection of cyber risk and legal professional responsibility • / simone-herbert-lowe • https://www.lawandcyber.com.au Host: • Jayne Gurton, Law Institute of Victoria • [email protected] (mailto:[email protected]) | / law-institute-of-victoria Episode Overview: Cyber risk has moved from an abstract IT issue to a core professional responsibility for Victorian lawyers. In this episode, we examine cybersecurity professional misconduct through the lens of recent court decisions, regulatory guidance and real-world claims experience. Simone Herbert-Lowe explains how the “reasonable practitioner” standard is being applied in 2026, why human behaviour remains the weakest link in law firm security, and how small and mid-sized practices are often more exposed than large firms. The discussion also unpacks the VLSB+C minimum cybersecurity expectations, the expanded reach of the Privacy Act through AML/CTF obligations, and the impact of new laws on ransomware reporting and serious invasions of privacy. Listeners will gain practical guidance on what compliance looks like in day-to-day legal practice and where to focus limited time and resources. Topics & Timestamps: • 00:12 Why cybersecurity failures can now amount to professional misconduct • 01:25 Recent court cases shaping cyber risk expectations • 04:44 Why small firms are attractive cyber targets • 06:48 Behavioural breaches and human error in law firms • 09:26 The “reasonable practitioner” standard in 2026 • 12:38 Cloud services, offshore data and Privacy Act obligations • 14:21 Ransomware reporting and the statutory privacy tort • 16:29 Practical actions firms should take this week Key Takeaways: • Cybersecurity failures can now trigger findings of unsatisfactory professional conduct or misconduct. • Small and sole practices are as at risk as large firms. • Human behaviour, not technology, is behind many serious breaches. • The VLSB+C minimum cybersecurity expectations set a clear baseline for Victorian lawyers. • Privacy Act obligations can apply regardless of firm size through AML/CTF requirements. • Principals must be able to demonstrate practical, documented cyber controls. Resources & Links: • LIV Cybersecurity Hub – Practical guidance and resources for Victorian practitioners | https://www.liv.asn.au/cybersecurityhub • VLSB Minimum Cybersecurity Expectations – Regulator guidance setting baseline standards | https://lsbc.vic.gov.au/sites/default... • Australian Information Commissioner v Australian Clinical Labs Limited [2025] FCA 1224 – Federal Court decision on privacy and cyber breaches | https://www.austlii.edu.au/cgi-bin/vi... • ASIC v FIIG Securities Limited [2026] FCA 92 – Cybersecurity governance and regulatory enforcement | https://www.austlii.edu.au/cgi-bin/vi... • Mobius Group Pty Ltd v Inoteq Pty Ltd** \[2024\] WADC 114 District Court of Western Australia, decided 20 December 2024 https://www.austlii.edu.au/cgi-bin/vi... • Ransomware payment reporting factsheet – Department of Home Affairs guidance | https://www.homeaffairs.gov.au/cyber-... • OAIC guidance on statutory privacy tort – Overview of serious invasions of privacy | https://www.oaic.gov.au/privacy/your-... • Australian Privacy Principles: https://www.oaic.gov.au/privacy/austr... About This Podcast Cross-Examined is a new podcast from the Law Institute of Victoria. Tune in to hear experts discuss hot topics in the law and the changes shaping the legal profession. Regular episodes will cover everything from AI and cyber threats to ethical dilemmas, workplace taboos and practice management insights. This podcast is recorded on the traditional lands of the Wurundjeri people of the Kulin Nation. The Law Institute of Victoria acknowledges the Traditional Custodians of Country across Australia. We pay our respects to Elders past and present. Disclaimer This podcast is for informational purposes only and is not intended to replace professional legal advice. The views expressed in this pod...

Lawyers and AML/CTF enforcement: Two decades of lessons from the UK

The psychology behind scams – why cybersecurity is about people, not tech

Anthropic, OpenAI Should Not Be Allowed to IPO, Says Ed Zitron

Zero-Click Attacks: AI Agents and the Next Cybersecurity Challenge

1986: How to Spot the Upper Class | That's Life! | BBC Archive

Watch his reaction when he’s told he’s a GOOD BOY for the first time 🥹

The Frank Zappa Interview That Still Feels Dangerous Today (1984)

Fasten your cyber seatbelts: Cybersecurity tips for lawyers

Which country has the best education in the world? - The Global Story podcast, BBC World Service

Edward Snowden Reveals How They Spy on You

The French Do Not Care About Work

England - Argentinien, Highlights mit Livekommentar | FIFA WM 2026 | MAGENTA TV

How to Disappear Online and Become Untraceable

LAWYER: If Cops Ask "Where Are You Coming From?" - Say These Words

Risk vulnerabilities and money laundering typologies: What lawyers need to know

THESE Apps Are SPYING on You — Shut Them Off NOW!

The 21st century brain

I Was An MIT Educated Neurosurgeon Now I'm Unemployed And Alone In The Mountains How Did I Get Here?

City tried to CONDEMN property over 2 stray cats

