Technology

The One Insurance Policy Your Practice May Not Have But Definitely Needs

Cyberthreats to firms and their clients' secrets are only increasing and many don't know that they aren't covered.

By  
on

The hackerIs your firm ready for “ransomware”? Do you even know what ransomeware is? If not, that’s a shame, because you’re probably not covered.

According to cybersecurity experts, ransomware is the up-and-coming brand of cyberattack that will hit companies — including law firms — like a firestorm this year.

That most firms aren’t covered against this emerging threat should come as little surprise since most firms aren’t covered against any of the panoply of cyber assault flavors floating around the Internet. Most haven’t stopped replying to that Nigerian prince, let alone figured out what protection they need. Though this is changing.

From Am Law Daily:

According to insurance brokerage Aon, more than 60 out of the 250 medium and large law firms that it services have purchased cyber insurance within the last two years. Marsh said that close to 40 percent of its roughly 100 large law firm clients have purchased the insurance, up from 20 percent two years ago.

Oh, law firms! Still the soft underbelly of ignorance in the world of industrial espionage and cyberattack. In defense of the firms, some may think they’re already covered:

“A lot of firms were under the impression that professional liability would pick up almost anything. This is not the case,” said Tom Ricketts, a senior vice president and executive director at Aon. “This has been one of the major debates that we’ve had with law firms over the last two years.”

The policies that law firms typically carry, such as lawyers’ professional liability insurance, general liability insurance and property insurance, do not always provide coverage when employee rather than client data is compromised, or when the firm must hire a forensic team to determine what data was lost and how. They also most likely won’t cover the cost of notifying regulators or engaging a public relations firm.

Sponsored

What? An insurance carrier has decided a comprehensive policy doesn’t cover some specific risk of loss? I’m incredulous!

Apparently these policies have been around since the late 90s when some insurer saw Sandra Bullock in The Net and realized there was a way to make money off of it. Fast forward 20 years, and all the fantastical hacking Hollywood conjured out of a haze of technological ignorance and cocaine is actually real. And worth budgeting for.

Just as policies vary dramatically, so do their prices, Ricketts said. But he offered what he called “a very, very loose rule of thumb:” A policy should cost $10,000 to $15,000 for each $1 million of limit.

In other worlds, a firm can expect to pay between $20,000 and $30,000 per year for a cyber policy that will cover up to $2 million in expenses.

Ricketts estimated that law firms with fewer than 50 attorneys are typically buying insurance with a $2 million limit; midsized firms are looking at polices with limits between $3 and $5 million; and firms with over 500 lawyers might buy polices that pay out $10 million or more.

Not too bad an investment. But Paul Caiazzo, Principal and Chief Security Architect at TruShield cautions firms not to see cybersecurity insurance as the only investment they need to make in this area:

The pitfall is where clients think an insurance policy is all they need. A policy is important in handling that last bit of residual risk after a sound cybersecurity policy is in place. I’ve seen claims denied where the company didn’t have the basics in place.

Sponsored

That’s probably the most important takeaway from all this talk about insurance: just as you wouldn’t buy car insurance and leave your keys in an unlocked $100K car, don’t buy cybersecurity insurance and just assume your 2002 infrastructure will do just fine in a 2016 world.

If you do think that, well, maybe that Nigerian prince will finally come through for you, too.

Amid Hacking Threats, Law Firms Turn to Cyber Insurance [Am Law Daily]

Earlier: Lawyer Falls For Nigerian Inheritance Scam, Gets Suspended
Lawyer Leaves Keys In $100,000 Sports Car. Dude Steals Lawyer’s $100,000 Sports Car.
Cybersecurity – Sometimes The Problem Is You

CRM Banner

Topics

, , , , ,