A Short Guide to Cyber Insurance for Lawyers and Law Firms
As an attorney, you may not be required to carry cyber liability insurance – or cyber insurance for short. However, you may still want to look into getting cyber insurance for lawyers, especially if you handle sensitive electronic data – whether personal, legal, or financial – as part of your work.
And if you are anything like most attorneys nowadays, you likely have adopted technological solutions in your practice. In its 2020 Legal Trends Report, legal practice management software provider Clio notes that:
- 85% of firms use practice management software
- 83% meet with clients online
- 79% of lawyers store their firm’s data on the cloud
- 73% of law firms handle electronic payments
- 62% of practices allow clients to sign and share digital documents
If that sounds like you, buying a cyber insurance policy may be a good idea. But before we explain why, let us get our terminology straight.
What Is a Cyberattack?
A
cyberattack is any malicious and unauthorized attempt to gain access to a computer, computer network, or IT system with the intent to cause harm. Examples include malware and ransomware attacks, DDoS attacks, phishing, and more. In any case, the hackers may seek to:
- Control, disrupt, disable, or destroy computer systems
- Breach data to modify, delete, manipulate, block, or steal it
Why Lawyers Should Consider Getting Cyber Insurance
The American Bar Association reports that up to
42% of law firms with 100 or more employees have experienced a data breach.
These statistics notwithstanding, it may take just one incident to cause considerable harm to your practice, including:
- Financial loss
- Loss of business
- Reputational damage
In light of this, you may want to consider getting cyber insurance to protect yourself and your business.
What Is Cyber Insurance?
Cyber insurance can help you and your business recover costs associated with financial losses and legal action following a wide range of cyberattacks. Depending on the terms of the particular policy, this may include breaches of:
- Health records
- Account numbers
- Credit card numbers
- Social Security numbers
- Driver’s license numbers
What Does Cyber Insurance Cover?
Typically, cyber insurance policies provide both first- and third-party coverage.
First-Party Coverage
First-party coverage can help protect your practice from monetary loss due to:
- Lost, damaged, or stolen data. In such cases, first-party coverage may cover the recovery costs.
- Loss of income. This may include loss of income that you would normally have earned had the breach not occurred, as well as any related expenses.
- Cyber extortion. Cyber insurance may help you recover extortion money paid to hackers as ransom.
- Notification costs. This includes expenses incurred when notifying third parties whose data has been compromised, such as hiring dedicated staff members to make calls on behalf of your practice.
- Reputational damage. Depending on the terms of your policy, coverage may be available for PR and marketing costs.
- Crisis management. Some policies may cover expenses related to the hiring of IT specialists, forensic accountants, lawyers, or PR experts to assess the damage, mitigate the loss, and help restore your reputation.
Third-Party Coverage
Third-party coverage can help protect you in the event of claims or lawsuits filed by clients or other third parties whose data has been breached. Coverage may include:
- Network security and privacy liability. This can help cover the cost of claims against you for negligently failing to protect the security of confidential personal data.
- Regulatory proceedings. Some policies can cover expenses related to regulatory proceedings against you.
- Electronic media liability. If a data breach results in the publication of sensitive information online, you may be able to cover the costs of ensuing libel, slander, defamation, or copyright infringement lawsuits.
What Is Not Included in Cyber Insurance?
It is important to note that cyber insurance policies typically do not cover social engineering.
“Social engineering” refers to a set of methods hackers use to trick people into voluntarily revealing private information or taking actions that may result in negative outcomes.
To ensure that you understand the full extent of your policy and whether or not it covers social engineering, you should talk to your insurance provider.
Are Cyber Insurance and Data Breach Coverage the Same Thing?
Cyber insurance and data breach coverage are two related but ultimately different policy types.
Cyber insurance typically covers both financial losses
and the costs of legal claims resulting from a wide array of cybercrimes including but not limited to data breaches.
In contrast, data breach coverage usually only protects you from monetary loss (but not legal claims). It also tends to cover a more limited set of internet crimes, such as:
- Hacking
- Data breaches
- Theft of business documents
If you are thinking of purchasing separate data breach coverage but already have
professional liability insurance, you may want to check the terms of your existing policy first. Certain malpractice policies may provide some data breach coverage.
Should Small Law Firms Have Cyber Insurance?
While you may not be required to carry cyber insurance, you should give it serious thought.
According to the
2020 Data Breach Investigations Report of wireless network operator Verizon, 28% of data breaches target small businesses.
The consequences of a cyberattack can be quite serious, too. Of the respondents in the ABA TechReport 2020 who had experienced virus, spyware, or malware attacks:
- 39% incurred repair fees
- 35% reported downtime or loss of billable hours
- 23% had a temporary loss of network access
- 17% said they had to replace their hardware or software
- 10% had lost access to their websites
Furthermore, only 34% of all respondents said their firms had cybersecurity incident response plans. The figures were even lower for firms of two to nine lawyers (23%) and solo practitioners (14%).
Cyber Insurance for Lawyers: The Bottom Line
There is a lot that may go into maintaining cybersecurity in your legal practice. Among other things, you may need to:
- Hire a dedicated IT expert
- Buy advanced security software
- Learn about common risks
- Draw up an incident response plan
- Know relevant data breach and cybersecurity regulations
You should also consider getting a cyber insurance policy. While it cannot prevent cyberattacks on your systems and networks, it can help protect you from potential financial harm, legal action, and give you some peace of mind.
Get your free Cyber quote today.
This information is provided for general purposes only and is not intended to provide individualized advice. All descriptions, summaries, or highlights of coverage are for general informational purposes only and do not amend, alter, or modify the actual terms or conditions of any insurance policy. Coverage is governed only by the terms and conditions of the relevant policy.