In a legal environment where efficiency and transparency are more important than ever, law firms of all sizes are using information technology and the internet to win new clients, increase business with existing clients, build brand presence, and deliver better service. Employees, partners, associates, and even clients are being granted access to the firm’s critical data around-the-clock from anywhere. Social media, online marketing, and content branding are revolutionizing the way firms and individuals stay connected and build a brand. While upside of using such new technologies may be boundless, it also creates significant risks for law firms.
“Cyber risk” is the term that describes the vast spectrum of emerging risks associated with the use and reliance upon technology. The cyber risks that law firms must deal with are radically different than those faced by other industries such as retail, financial services, and healthcare. Although every organization has exposure to cyber risk, many industries are faced with a just a handful of cyber risks such as legal liability from privacy breaches and loss of income due to computer system disruptions. Law firms are exposed to hundreds of different cyber risks including confidentiality and privacy breaches, regulatory and ethics violations, contractual breaches, damage to electronic property, computer system disruptions, extortion, social engineering and fraudulent finds transfers, to name a few. These cyber risks can and do cause catastrophic loss at law firms including lawsuits, regulatory actions, disciplinary proceedings, loss of income, data restoration expense, theft of money, extortion mitigation expense and brand damage or loss of clients.
Cyber risk insurance is coverage designed to protect organizations from cyber risks including first-party property claims as well as third-party legal liability. Cyber risk insurance has been available for over 20 years now, but most insurers still use proprietary policy language rather than standardized language used with many commercial lines insurance products. As a result, cyber risk coverage and pricing varies drastically among the 70+ insurers that offer cyber risk insurance protection. Firm’s seeking coverage for cyber risk need to be especially diligent when selecting the right cyber risk insurance policy. At a high level, the following coverages are available at many cyber risk insurers:
- Network Security and Privacy Liability;
- Multimedia and Publishing Liability;
- Data Breach Response Expenses;
- Electronic Business Interruption;
- Electronic Data Restoration Expense;
- Extortion; and
- Theft of Money or Securities.
Cyber risk insurance coverage is typically available in 2 basic structures, which are: (1) a standalone cyber risk insurance policy; or (2) cyber risk coverage embedded in or endorsed onto another type of insurance policy such as a commercial property policy or a lawyers professional liability policy. In most cases, cyber risk coverage endorsed onto another type of insurance is designed to provide fairly narrow coverage for very little or no cost, whereas standalone cyber risk insurance policies provide the broadest protection available and are priced accordingly.
The problem with almost every cyber risk insurance policy available today is they are generic, which means they are policies designed to cover the basic cyber risks common to all industries without covering the core exposures of any industry in particular. Most “generic” cyber risk policies provide basic coverage that is most appropriate for organizations that collect a significant amount of credit card data and sell products online. Generic cyber risk policies do not address the needs of professional services organizations such as law firms, which is the reason we created SafeLaw. SafeLaw was created by lawyers to protect law firms from cyber risk.
SafeLaw offers stand alone cyber risk coverage created for the unique cyber risks of law firms. SafeLaw was designed to protect firms from first and third party cyber risks and wrap around lawyers professional liability insurance to fill coverage gaps. We offer state of the art coverage built around the needs of your firm. In addition, SafeLaw provides your firm with comprehensive pre-breach risk management policies, procedures, and training as well as incident response and claims management to contain and control any cybersecurity incidents. SafeLaw is not just insurance, it is a cyber risk protection plan for your firm’s brand.