Most everyone today is familiar with the threat of a cyber-attack. Prevalent in the news are stories of cyber hackers, viruses, ransomware, and the myriad of other buzzword threats floating through mainstream news. Large corporations such as T-Mobile, Audi/Volkswagen, and Neiman Marcus have had highly publicized attacks, and they surely had insurance.
What about smaller organizations like your law firm? In this article, we’ll discuss the threat of cyber attacks against a law firm, how insurance protects you, and give you some decision factors to consider if you need this coverage.
The ABA’s 2021 Legal Technology Survey Report found that 25% of law firms had experienced a cyber security breach at some point. Breaches range from common exposures, such as an email blast containing a virus link (Open this proposal!), to sophisticated impersonations intended to dupe a victim into sending funds to the wrong bank account.
Indeed, law firms are highly exposed. We see many smaller firms (<10 attorneys) believing that they could not be a target. However, it is quite the opposite. Cybercriminals view small businesses as “easier threats” as they are more likely to be duped and less likely to have proper controls in place. In fact, several cyber liability carriers no longer write law firms because of the volume of claims. This may be a motivating factor for why you would want to carry such insurance.
How to Protect The Firm?
The firm should have up-front controls and security to mitigate a threat. If that fails, the firm should carry cyber liability insurance.
Cyber Liability Insurance is now common among law firms of all sizes, and many would consider it a fiduciary responsibility of Firm Management to carry such a policy in today’s environment. These policies are designed to respond in the event of a cyber breach, loss of privacy information (trade secrets, IP, social security numbers, etc), ransomware, extortion, or cyber fraud. Better policies will also cover you for forensics and restoration to ensure that such an event does not happen again.
What to Look For:
Cyber Security Policies can be dizzying. This is a newer coverage, and insurance carriers take a wide variety of approaches towards offering coverage. Some of the biggest exposures for law firms are ransomware, extortion, social engineering, and cyber fraud. Many policies will provide little or no protection on these higher risk areas.
Most law firms will start with limits of $1,000,000 and increase based on exposure and/or requirements from third-party clients/vendors. Deductibles can be relatively low at $2,500, which is advantageous to the buyer.
You are wise to consult with an expert and/or go through a trusted party such as Embroker.
How Do I Know What My Firm Needs?
The nature of your practice may dictate the exposure of your firm to a cyber attack.
- How often does your firm transfer funds or give direction on transfer of funds?
- How often do you handle 3rd party money (real estate closings, trust & estate work, PI settlements)?
- Do you store client PII (Personally Identifiable Information) or client trade secrets?
- Have you resisted doing a penetration test to gauge exposure to your firm due to cost or competing priorities?
If the answer to the above is yes, your firm surely has a higher propensity for risk. Furthermore, if you are transferring funds, it becomes imperative to take a close look at what policies are being provided. Not all policies are created the same. Oftentimes the cheapest policy is cheap due to lack of coverage.
Law firms have been accustomed to buying legal malpractice insurance. You are foolish not to. The good news is that good lawyering can prevent a legal malpractice claim. Unfortunately, cyber claims happen even to the firms with the best policies & procedures. For the small firm, investing in a cyber liability insurance policy is a wise investment into your operation.