Law firms are increasingly falling victim to cyber attacks, as the nature of the legal profession—and the wealth of confidential information firms possess—make them attractive targets to hackers. Even small and mid-size firms are vulnerable, and in fact, may be even more at risk due to a perceived lack of sophisticated security technology and policies.
ProWriters understands this risk and recommends cyber liability insurance for law firms of all sizes to better handle the consequences of a successful cyber attack. From the costs to pay ransomware claims or the extortion related to the threat of releasing their confidential client information as well as the cost to restore networks to the potential sanctions associated with malpractice claims, ethics violations, and government or other third-party claims, a cyber attack can be devastating to your client’s finances and reputation.
It doesn’t have to be.
Cyber Liability Insurance for Law Firms: Critical Coverage Against the Unknown
In October 2020, the American Bar Association reported that 29% of law firms had experienced a security breach, and malware infections had been detected in 36% of firms. However, these were only successful attacks. Security experts report that every law firm worldwide is at risk for a cyber attack.
Law firms make attractive targets for cybercriminals for several reasons. In fact, one security firm argues that the sheer amount of information contained on the typical law firm network warrants the inclusion of the legal industry on the U.S. government’s list of critical infrastructure industries. This means that the data stored on legal networks is so crucial that allowing it to fall into the wrong hands could cripple the country economically or endanger public safety.
Consider the data stored on the average law firm network:
- Confidential employee and client personally identifiable information (PII), including health and financial data.
- Confidential corporate client data, including intellectual property, trade secrets, patents, and copyrights.
- Confidential client information related to specific cases that would violate attorney-client privilege if exposed.
- Confidential information related to clients’ criminal activities.
- Confidential practice information, including financial information and account access, software licensing codes, and billing information.
Allowing any of this information to fall into the wrong hands could devastate any law firm. And it’s not even considering the effects that a cyber attack can have on operations. The last thing attorneys need in the middle of a major trial is to lose network access due to a ransomware attack. Downtime affects all aspects of law firms, and given that gaining access to proprietary data has proven lucrative to cyber criminals, attacks are only likely to increase—and as such, so will the need for protection.
Why Professional Liability Insurance Is Inadequate
Many attorneys mistakenly believe that professional liability coverage—i.e., malpractice insurance—covers cyber security and liability for attacks. The fact is legal professional liability (LPL) insurance doesn’t offer the same protection as Cyber Liability Insurance for law firms, and relying solely on LPL is leaving firms exposed.
LPL protects law firms from claims due to errors and omissions, breaches of fiduciary duty and contract, human error, wrongful acts, and malpractice. And while it could be argued that certain aspects of a data breach fall into one or more of those categories, the fact is that LPL is unlikely to cover all the costs associated with a cyber security incident.
Therefore, to ensure complete indemnification from liability related to cyber incidents, Cyber Liability Insurance is a must. Cyber Liability Insurance policies may cover:
- Ransom payments necessary to restore access to data or to prevent hackers from releasing the stolen confidential information.
- The cost to restore your data should you not pay the ransom or not be able to recover all or part of your data
- Legal fees.
- Costs of computer forensics to uncover the source of the attack.
- Notification costs.
- Loss of income due to business interruptions.
- Costs associated with restoring the network.
- Costs associated with losses due to theft.
- Costs for regulatory claims.
- Costs associated with liability to third parties.
Cyber Liability Insurance for law firms also provides protections against risk that LPL policies simply don’t. For instance, the underwriting process for cyber insurance requires proof of adequate security protocols, meaning that law firms must implement and maintain specific security measures.
Cyber policies also include additional resources for cyber risk management, including access to IT security experts, monitoring for cyber risks, and access to industry experts for help managing security incidents and mitigating losses
Risk Management for Law Firms
Cyber liability insurance offers an extra layer of protection, but law firms bear responsibility for protecting themselves and managing the risk of a cyber incident. Adhering to best practices reduces the risk of a devastating breach. ProWriters recommends:
- Implementing dual authorization policies for all financial transactions.
- Implementing domain keys identified mail and domain-based message authentication, reporting, and conformance.
- Implementing endpoint protection.
- Implementing automatic cloud-based backup policies.
- Implementing a secure email gateway.
- Implementing multi-factor authentication requirements on email and remote access protocols.
- Implementing password managers.
- Implementing ongoing, comprehensive employee training to develop a culture of security awareness.
As long as cyber criminals continue to target law firms, staying one step ahead with strong risk mitigation and security protocols needs to be a priority.
Get Your Law Firm Clients the Coverage They Need
Take the first step toward helping your law firm clients secure Cyber Liability Insurance by registering with ProWriters’ as a broker and gaining access to the Cyber IQ Comparative Rate Platform. Put our 20 years of experience to work and help your clients get professional cyber insurance coverage with a streamlined, simplified process that cuts out the waiting and the hassles.