Panama Papers scandal: Law firm admits it thinks it was the target of hackers as experts warn companies are misguided in their cyber security efforts

Hayley Kirton and Oliver Gill
Child Detectives
Big businesses have fallen for technology's false security (Source: Getty)
usinesses are failing to identify weak spots in their cyber security systems, as the law firm embroiled in the Panama Papers breach admits that it believes it was targeted by hackers.

A report seen exclusively by City A.M. by FTI Consulting has discovered that just less than half (43 per cent) of global institutional investors believe that board members have a barely acceptable or unacceptable understanding of the key information held by their company and the potential impact of losing that data.

"You need someone at the top to take absolute ownership of this rather than skilled people pushing their recommendations to the top," remarked Dan Healy, head of strategy consulting and research at FTI Consulting.

Meanwhile, the founding partner of Mossack Fonseca said in an interview with Reuters early this morning that the data breach related to the Panama Papers report by International Consortium of Investigative Journalists (ICIJ) was caused by an outsider to the company and was not an inside job.

Panama papers latest: What you need to know

"We rule out an inside job. This is not a leak. This is a hack," stated Ramon Fonseca.

On Sunday, the ICIJ released a report based on more than 11.5m files worth of data leaked from Mossack Fonseca.

Stewart James, a partner at law firm Ashfords, warned that too many businesses put too much faith in their firewalls to protect them from external threats, without considering that all their data is unlocked and ready to steal should somebody make it past their first line of defence.

Read more: Not if, but when: The cyber threat the C-suite must face

"Some people will understand that you have to think beyond the firewall, and that tends to be the people on the technology side," James said to City A.M.. "Businesses themselves, the board, for example, or people operating within the company, will probably assume that because there is a firewall, they’re protected."

Sarah Stephens, head of cyber at JLT, added: "Technology can give a false sense of security to companies, even though it is widely acknowledged that no business is 100 per cent secure from an external cyber-attack."

Read more: Here's a game changer for unreported cybercrime

Despite this, FTI Consulting's report found that three out of four (74 per cent) of those working in management still believe their biggest threat of a data breach is from within their organisation, and Healy warns businesses not to turn a blind eye to an inside job.

"There is the image of a stereotypical hacker with the hood on and that's the perception that a lot of people have," said Healy.

Related articles