Frequently Asked Questions
Doesn’t the lawyers professional liability (“LPL”) policy cover cyber risk?
How do I know if my LPL policy covers cyber risk or not?
- Does our LPL policy cover civil, criminal or regulatory proceedings arising out of loss or unauthorized disclosure of our firm’s client or employee information?
- Does our LPL policy cover civil, criminal or regulatory proceedings arising out of unauthorized use of our firm’s computer network including computer attacks that emanate or propagate from our computer network?
- Does our LPL policy cover civil or regulatory fines, penalties or damages arising out of loss or unauthorized disclosure of our firm’s client or employee information?
- Does our LPL policy cover our costs of complying with regulatory obligation to notify clients or employees following loss or unauthorized disclosure of our firm’s client or employee information?
- Does our LPL policy cover loss mitigation expenses including provision of credit monitoring, ID theft recovery services, and hotline support to our clients or employees in the event of unauthorized disclosure of our firms client or employee information?
- Does our LPL policy cover crisis management and public relations expenses following computer attacks or a data breach?
What is SafeLaw?
Most cyber risk policies were designed with the of insuring a company for third-party liability from consumer privacy breaches. Many law firms don’t collect large amounts of personally identifiable information, but all law firms collect, create and store very valuable information that must be protected. SafeLaw covers a firms legal, ethical, regulatory and malpractice obligations for all the data a law firm collects, creates or stores.
SafeLaw also protects law firms from first-party cyber property losses and loss of income due to a cyber peril. Most cyber risk insurance policies provide first-party cyber coverage designed for companies that sell products, such as a retailer. We understand that law firms earn, bill and collect revenue differently, so SafeLaw has coverage crafted around a law firm’s business model and covers the loss of billable hours when cyber losses happen.
SafeLaw also includes educational and breach response services specific to the legal industry. We only use lawyers, technology vendors and consultants that specialize in cyber risk management at law firms. No other cyber risk insurance policy provides coverage and services specific to law firms.
What is a Difference in Conditions Wrap policy and how does it work?
SafeLaw is a difference in conditions wrap policy designed to broaden a law firms coverage by a) providing primary cyber risk coverage wherever gaps in LPL policies exist; b) switching to excess coverage when LPL policies provide coverage for cyber risk; and c) sitting side by side in a primary capacity with your LPL and covering the uncovered portion of cyber claims when LPL policies only provide partial coverage.
What are the minimum deductibles in SafeLaw?
The minimum deductible for SafeLaw is $2,500 for all modules except business interruption, which has a 12 hour waiting period.
What is the minimum premium for SafeLaw?
What are the maximum limits of coverage available for SafeLaw?
The maximum limit available from our primary insurer is $5,000,000.
How is SafeLaw’s business interruption coverage different from generic cyber risk policies?
Business Interruption Value = Net Income Plus Continuing Expenses, or
Business Interruption Value = Gross Earnings Less Non-continuing Expenses
This standard business income coverage, which is used by many cyber insurance insurers, can be problematic for law firms because of the length of time between when the service is performed and when the fees are collected. In most cases, insurers will only count income that would have been fully recognized during the period of restoration into the lost income calculation. For example, if a law firm is infected with a computer virus and the computer system is down for 14 days, only the revenue that would normally have been earned from services that are performed, billed and paid during those 14 days would be covered. Therefore, it’s likely that a law firm could lose hundreds of billable hours from a virus following a loss and not be able recover the lost income their insurance company.
The Safelaw policy addresses these problems with standard cyber risk business interruption policies head-on. Safelaw specifically covers loss of billable hours as a result of a covered peril, such as a virus, hacker, or denial of service attack. In addition, Safelaw includes coverage for extended billable hours interruption, extra expense and contingent business income to blanket your firm with coverage designed for a law firms unique needs.
Does Safelaw cover loss of confidential legal information
How can my firm get a SafeLaw quote?
To get a pricing indication, we have a system to get initial pricing indications. To receive a bindable quote, the applicant needs to fill out and sign an application:
- the number of lawyers and partners working at your company;
- the areas of practice your law firm provides services; and
- your LPL policy premium, deductible and limit
- 10 information security questions
- Warranty questions about any existing or potential claims
What are the minimum requirements for getting SafeLaw coverage?
How do I file a claim under a SafeLaw policy?
Does the SafeLaw information incident response and claims team have experience in the legal industry?
What ethical, regulatory, malpractice and contractual obligations does my firm have in the event of an unauthorized disclosure of client information?
SafeLaw provides clients with access to legal and technical experts to help your firm understand the current privacy and confidentiality regulatory environment for law firms. SafeLaw clients have round the clock access to a network of experts specializing in everything from confidentiality and privacy to breach notification.
How can the SafeLaw team help my firm navigate a claim?
- Conducting technical forensics to determine the scope and cause of the data security breach;
- Understanding the relevant regulatory, legal, ethical and malpractice obligations associated with the breach;
- Determining which authorities and regulatory bodies must be notified and guide your firm through the notification process;
- Identifying the individuals and businesses your firm must notify, the individuals you may wish to notify and guide your firm through the notification process;
- Selecting and implementing the best loss reduction solutions for the breach including credit monitoring, legal filings, insurance or fraud prevention;
- Managing ongoing communications with business and individuals that are victims of the breach including procuring call center services, developing scripts and training call center staff;
- Coordinating with a public relations firm to implement a public relations campaign to protect your firm’s brand.