Cross-Examined cover art

Cross-Examined

Cross-Examined

Written by: The Law Institute of Victoria
Listen for free

The law never stops evolving. Now, Victorian lawyers have a new way to stay informed. Cross-Examined is a new podcast from the Law Institute of Victoria. Tune in to hear experts on hot topics in the law and the changes shaping the legal profession. Regular episodes will cover everything from AI and cyber threats to ethical dilemmas, workplace taboos and practice management insights. To make sure you don’t miss our first episodes, landing in early 2026. Find and subscribe to Cross-Examined on your favourite podcast app today.Copyright 2025 The Law Institute of Victoria Economics Social Sciences
Episodes
  • Cyber incident fallout: What happens when the proverbial bits hit the fan?

    Cyber incident fallout: What happens when the proverbial bits hit the fan?
    May 25 2026
    Episode Title:Cyber incident fallout: What happens when the proverbial bits hit the fan?Episode Summary:When a cyber breach strikes, the technical problems are only the beginning. In this episode, we examine cyber incident fallout and what really happens inside a law firm once an attack is discovered. From regulatory obligations to client conversations and reputational risk, this discussion unpacks the hard realities lawyers face in the aftermath of a breach.Guest:• Cameron Whittfield, Partner, Herbert Smith Freehills Kramer• Specialist in cybersecurity, information security and emerging technology law• Market-leading adviser on major cyber incident response across Australia• www.linkedin.com/company/herbert-smith-freehills• www.hsfkramer.com/our-people/c/cameron-whittfieldHost:• Jayne Gurton, Law Institute of Victoria• podcasts@liv.asn.au | https://www.linkedin.com/company/law-institute-of-victoriaEpisode Overview:Cyber incidents are no longer rare occurrences for law firms, but an inevitable eventuality with long-lasting consequences. This episode focuses on cyber incident fallout and the legal and human challenges that follow a breach. Cameron Whittfield explains what those first chaotic hours in the aftermath of a cyber incident look like, why early decisions on communications and privilege are so difficult to undo, and what regulatory obligations such as the Notifiable Data Breaches scheme need to be planned for and actioned. .This discussion offers practical insights into post breach response and communication, stakeholder relationships and performing under pressure during a crisis. Listeners will learn why preparation matters even more than technology spend and how reputations are shaped by what happens in the aftermath of a breach as much as the breach itself.Topics & Timestamps:• 01:34 The first call – what it feels like when a breach is first discovered• 05:15 Bringing calm and structure to the first 48 hours• 07:16 The human impact inside a firm during a cyber crisis• 09:31 Where responses go wrong and why communication matters• 12:48 Client conversations and professional obligations after a breach• 14:42 Common mistakes firms keep repeating• 29:50 What good preparation looks likeKey Takeaways:• The first 48 hours after a cyber incident shape legal, regulatory and reputational outcomes for years• Early communications decisions cannot be undone and require careful judgment• Blame cultures undermine effective crisis response and information sharing• Legal professional privilege must be managed carefully without blocking response efforts• Client trust depends on transparency, process and timing after a breach• Preparation and planning matter more than the size of a firm’s IT budgetResources & Links:• LIV Cybersecurity Hub – Practical guidance and resources for Victorian legal practitioners | http://www.liv.asn.au/cybersecurityhub • LIJ: Cyber risk and law firms – Analysis of cyber security obligations for legal practices | https://www.liv.asn.au/web/law_institute_journal_and_news/web/lij/year/2025/02february/law_firms_and_cyber_risk.aspx • Office of the Australian Information Commissioner – Notifiable Data Breaches scheme overview | https://www.oaic.gov.au/privacy/notifiable-data-breaches • Australian Cyber Security Centre – Cyber security guidance for professional services firms | https://www.cyber.gov.au • Privacy Act 1988 (Cth) – Legislative framework governing data breaches | http://www.legislation.gov.au/C2004A03712/latest/text• Herbert Smith Freehills Kramer Cybersecurity Practice – Insight into cyber incident response | https://www.hsfkramer.com/insights/2023-06/surging-cyber-incidents-regulatory-activity-and-class-claims-in-australia About This Podcast:Cross-Examined is a new podcast from the Law Institute of Victoria. Tune in to hear experts discuss hot topics in the law and the changes shaping the legal profession. Regular episodes will cover everything from AI and cyber threats to ethical dilemmas, workplace taboos and practice management insights.This podcast is recorded on the traditional lands of the Wurundjeri people of the Kulin Nation. The Law Institute of Victoria acknowledges the Traditional Custodians of Country across Australia. We pay our respects to Elders past and present.Disclaimer:This podcast is for informational purposes only and is not intended to replace professional legal advice. The views expressed in this podcast do not necessarily reflect the views of the Law Institute of Victoria (LIV). The LIV is not responsible for any losses, damages or liabilities that may arise from the use of this podcast. Listeners should seek independent legal advice for their matters.Production Information:• Produced by: The Law Institute of Victoria• Producer and audio editor: Garreth Hanley• Music: Garreth Hanley• Copy and show notes: Louise SuretteConnect With Us:Email: podcasts@liv.asn.auWebsite: https://...
    Show More Show Less
    24 mins
  • Sheep in wolf’s clothing: How white hat hackers and pen testing help stop hacks

    Sheep in wolf’s clothing: How white hat hackers and pen testing help stop hacks
    May 18 2026
    Episode Summary:Many law firms make a heavy investment in cybersecurity tech, and yet attackers can simply walk straight through their front door. This episode exposes how ethical (and criminal) hackers think and act, revealing why human trust and everyday routines are often a real vulnerability attackers’ exploit. This episode pulls back the curtain on penetration testing, and the white hat hackers who help firms fix weaknesses before criminals can exploit them.Guest:• James Thompson, Director, principal cybersecurity consultant and penetration tester, Malware Security• More than 20 years’ experience testing government, defence and critical infrastructure networks• Specialist in offensive security, social engineering and red team engagements• www.linkedin.com/in/cyberjt• www.malsec.com.au Host:• Jayne Gurton, Law Institute of Victoria• podcasts@liv.asn.au | https://www.linkedin.com/company/law-institute-of-victoriaEpisode Overview:Securing a law firm from cyber attacks must take into account not just technology, but the physical environment as well. In this episode, penetration testing expert James Thompson explains what really happens when an organisation hires a pen tester and how cyber breaches can come through the front door as well as a link in an email. The discussion unpacks penetration testing, red team engagements and social engineering attacks, with practical examples from professional services environments. Listeners will learn how ethical hackers exploit human behaviour, why organisations often fall within minutes of an initial breach and what law firms can do right now to reduce their attack surface. Topics & Timestamps:• 02:04 What is penetration testing• 04:40 Common vulnerabilities in office environments• 08:49 Real-world social engineering scenarios• 11:14 What happens after initial network access• 13:48 Practical steps firms can take immediately• 15:20 Choosing a penetration testing provider• 17:20 Emerging cyberthreats and AI-enabled attacksKey Takeaways:• Penetration testing combines technical skill with human manipulation to mirror real cyber attacks• Front desks, unlocked doors and helpful staff are common breach points• Many organisations are compromised within 15 to 30 minutes of initial access• Multi-factor authentication and reducing attack surface significantly raise the barrier• Not all vendors offering pen tests deliver genuine human-led testing• Regular testing and staff awareness are essential parts of cyber risk managementResources & Links:• Law Institute of Victoria cyber security resources – Practical guidance for legal practices | https://www.liv.asn.au/web/resource_knowledge_centre/cybersecurity-hub/web/content/resource_knowledge_centre/cybersecurity-hub.aspx • Law Institute Journal – Cyber risk and legal practice coverage | https://www.liv.asn.au/web/law_institute_journal_and_news/web/lij/year/2025/02february/law_firms_and_cyber_risk.aspx | https://www.liv.asn.au/web/search_results_page.aspx?search=cyber• Australian Cyber Security Centre – Guidance for professional services | https://www.cyber.gov.au• Malware Security – Penetration testing and red team services | https://malsec.com.au• Australian Signals Directorate Essential Eight – Baseline cyber security controls | https://www.cyber.gov.au/resources-business-and-government/essential-cybersecurity/essential-eightAbout This PodcastCross-Examined is a new podcast from the Law Institute of Victoria. Tune in to hear experts discuss hot topics in the law and the changes shaping the legal profession. Regular episodes will cover everything from AI and cyber threats to ethical dilemmas, workplace taboos and practice management insights.This podcast is recorded on the traditional lands of the Wurundjeri people of the Kulin Nation. The Law Institute of Victoria acknowledges the Traditional Custodians of Country across Australia. We pay our respects to Elders past and present.DisclaimerThis podcast is for informational purposes only and is not intended to replace professional legal advice. The views expressed in this podcast do not necessarily reflect the views of the Law Institute of Victoria (LIV). The LIV is not responsible for any losses, damages or liabilities that may arise from the use of this podcast. Listeners should seek independent legal advice for their matters.Production Information• Produced by: The Law Institute of Victoria• Producer and audio editor: Garreth Hanley• Music: Garreth Hanley• Copy and show notes: Louise SuretteConnect With UsEmail: podcasts@liv.asn.auWebsite: https://liv.asn.auLinkedIn: https://www.linkedin.com/company/law-institute-of-victoriaApple Podcasts: https://podcasts.apple.com/au/podcast/cross-examined/id1858765728Spotify: https://open.spotify.com/show/0zvyk5xia4wYv9YWcXphgVMentioned in this episode:2026 Legal Forum advertLegal Forum 2026: Discover the forum where lawyers come to connect, be inspired and stay ahead....
    Show More Show Less
    22 mins
  • Cybersecurity misconduct risks for Victorian lawyers

    Cybersecurity misconduct risks for Victorian lawyers
    May 11 2026
    Episode Summary:Victorian lawyers are now being held to a minimum cybersecurity standard, and failure can lead to professional misconduct findings. This episode examines cybersecurity professional misconduct risks, what regulators expect in practice and how new privacy and ransomware laws raise the stakes for every firm, big or small.Guest:• Simone Herbert-Lowe, founder, Law & Cyber• Professional indemnity specialist with more than 30 years of legal experience• Expert at the intersection of cyber risk and legal professional responsibility• https://www.linkedin.com/in/simone-herbert-lowe/• https://www.lawandcyber.com.auHost:• Jayne Gurton, Law Institute of Victoria• podcasts@liv.asn.au | https://www.linkedin.com/company/law-institute-of-victoriaEpisode Overview:Cyber risk has moved from an abstract IT issue to a core professional responsibility for Victorian lawyers. In this episode, we examine cybersecurity professional misconduct through the lens of recent court decisions, regulatory guidance and real-world claims experience. Simone Herbert-Lowe explains how the “reasonable practitioner” standard is being applied in 2026, why human behaviour remains the weakest link in law firm security, and how small and mid-sized practices are often more exposed than large firms.The discussion also unpacks the VLSB+C minimum cybersecurity expectations, the expanded reach of the Privacy Act through AML/CTF obligations, and the impact of new laws on ransomware reporting and serious invasions of privacy. Listeners will gain practical guidance on what compliance looks like in day-to-day legal practice and where to focus limited time and resources.Topics & Timestamps:• 00:12 Why cybersecurity failures can now amount to professional misconduct• 01:25 Recent court cases shaping cyber risk expectations• 04:44 Why small firms are attractive cyber targets• 06:48 Behavioural breaches and human error in law firms• 09:26 The “reasonable practitioner” standard in 2026• 12:38 Cloud services, offshore data and Privacy Act obligations• 14:21 Ransomware reporting and the statutory privacy tort• 16:29 Practical actions firms should take this weekKey Takeaways:• Cybersecurity failures can now trigger findings of unsatisfactory professional conduct or misconduct.• Small and sole practices are as at risk as large firms.• Human behaviour, not technology, is behind many serious breaches.• The VLSB+C minimum cybersecurity expectations set a clear baseline for Victorian lawyers.• Privacy Act obligations can apply regardless of firm size through AML/CTF requirements.• Principals must be able to demonstrate practical, documented cyber controls.Resources & Links:• LIV Cybersecurity Hub – Practical guidance and resources for Victorian practitioners | https://www.liv.asn.au/cybersecurityhub • VLSB Minimum Cybersecurity Expectations – Regulator guidance setting baseline standards | https://lsbc.vic.gov.au/sites/default/files/2024-02/VLSB%2BC_Minimum_Cybersecurity_Expectations.pdf • Australian Information Commissioner v Australian Clinical Labs Limited [2025] FCA 1224 – Federal Court decision on privacy and cyber breaches | https://www.austlii.edu.au/cgi-bin/viewdoc/au/cases/cth/FCA/2025/1224.html• ASIC v FIIG Securities Limited [2026] FCA 92 – Cybersecurity governance and regulatory enforcement | https://www.austlii.edu.au/cgi-bin/viewdoc/au/cases/cth/FCA/2026/92.html• Mobius Group Pty Ltd v Inoteq Pty Ltd** \[2024\] WADC 114 District Court of Western Australia, decided 20 December 2024 https://www.austlii.edu.au/cgi-bin/viewdoc/au/cases/wa/WADC/2024/114.html• Ransomware payment reporting factsheet – Department of Home Affairs guidance | https://www.homeaffairs.gov.au/cyber-security-subsite/files/factsheet-ransomware-payment-reporting.pdf• OAIC guidance on statutory privacy tort – Overview of serious invasions of privacy | https://www.oaic.gov.au/privacy/your-privacy-rights/more-privacy-rights/statutory-tort-for-serious-invasions-of-privacy• Australian Privacy Principles: https://www.oaic.gov.au/privacy/australian-privacy-principles/australian-privacy-principles-guidelinesAbout This PodcastCross-Examined is a new podcast from the Law Institute of Victoria. Tune in to hear experts discuss hot topics in the law and the changes shaping the legal profession. Regular episodes will cover everything from AI and cyber threats to ethical dilemmas, workplace taboos and practice management insights.This podcast is recorded on the traditional lands of the Wurundjeri people of the Kulin Nation. The Law Institute of Victoria acknowledges the Traditional Custodians of Country across Australia. We pay our respects to Elders past and present.DisclaimerThis podcast is for informational purposes only and is not intended to replace professional legal advice. The views expressed in this podcast do not necessarily reflect the views of the Law Institute of Victoria (LIV). The LIV is not ...
    Show More Show Less
    21 mins
adbl_web_anon_alc_button_suppression_c
No reviews yet