There are over 70 different insurance companies that sell some form of cyber risk insurance, which makes it very difficult to explain all of the differences between SafeLaw and competing insurers. However, SafeLaw is the only cyber risk insurance policy created just for law firms, so there are some distinct advantages that SafeLaw has over the rest of the marketplace. In the chart below, we highlighted some of the major advantages SafeLaw has over competing cyber risk insurers and we attempted to explain the benefit to your firm as well. The items listed below are a small fraction of the SafeLaw coverage advantages.
General Policy Features
Applicable to entire policy
|Safelaw Coverage Features||Competitors Cyber Risk Policies||Benefits|
|Coverage structured exclusively for Law Firm cyber exposures||no||SafeLaw coverage is designed for the business activities and cyber risks of law firms. Everything from sensitive client legal information to loss of billable hours to specialized regulatory risks associated with law firm cyber perils is contemplated.|
|Difference in Conditions Wraparound Policy Structure||No||SafeLaw coverage is dovetailed with the LPL policy to eliminate the gaps and coverage conflicts that usually exist. Where the LPL policy provides no coverage SafeLaw provides primary coverage. Where the LPL provides partial coverage SafeLaw covers the uncovered portion of the claim and were the LPL provides full coverage SafeLaw provides excess coverage with no deductible. We are currently the only program to provide such coverage to law firms.
|Deductible Infill/Erosion ||Yes||SafeLaw recognizes erosion for amounts paid under LPL and can infill LPL deductible in some cases.
|Single Blanket Deductible||Possibly – However, many cyber risk insurers apply multiple deductibles.||A single deductible applies to losses no matter how many coverage sections are triggered
|Broad definition of Insured drafted for law firms||No – competitors policies use standard corporate definitions||The SafeLaw definition of Insured mirrors the language used in lawyers professional liability polices. The way we define insured avoids the typical pitfalls and limitations of the corporate structure limitations.
|Knowledge standards limited to a control group ||Possibly – Some of the better cyber risk insurers provide control groups. However, we are the only cyber risk provider to use law firm specific control group wording.||The typical policy requirements imposed when a member of the company has knowledge of a cyber-incident is limited to when a member of a small control group has knowledge. The language also provides coverage for malicious acts of employees.
First Party Property Coverage Features
Applicable to electronic property, loss of income and crisis response coverage sections.
|SafeLaw Coverage Feature||Competitors |
Cyber Risk Policies
|Tailored coverage for accidental damage.||No||The covered perils include some types of physical damage resulting in data loss, which is not usually covered by property policies purchased by law firms. This approach helps eliminate potential gaps between policies.|
|Outsourced systems covered||Possibly – Usually very limited||SafeLaw gives coverage for electronic property damage and loss of income are covered anywhere.|
|Contingent business income||Rarely – Sometimes available by endorsement||Contingent business interruption is standard in SafeLaw|
|Coverage for billing system interruption and loss of billable hours||No||Many of the usual business income revenue recognition requirements that impair a law firms ability to recover business income losses don’t apply. The coverage is structured around a loss of billable hours when a loss occurs|
|Expanded Incident response services||No||SafeLaw’s incident response coverage includes remediation expenses associated with disclosures of any of your firms data such as data subject to confidentiality restrictions or attorney client privilege. Most cyber risk insurers only provide incident response coverage for personally identifiable information to remediate identity theft.|
|Proof of loss expenses are covered||Possibly – some competitors provide small sub limits of coverage and others provide none.||The cost of proving a loss can be hundreds of thousands of dollars in some cases. SafeLaw provides coverage for proving a loss including technical forensics and forensic accounting and there are no sub limits.|
|No War or Terrorism or Exclusions||No – Other cyber risk policies have war and/or terrorism exclusions. We are currently the only provider offering coverage without a war or terrorism exclusion.||Many cyber attacks are classified as terrorist acts, so most polices impose significant limitations on coverage by having a terrorism exclusion. SafeLaw has no terrorism Exclusion.|
First Party Crime and Special Crime Coverage Features
Applicable to extortion, ransomware, social engineering and fraudulent funds transfer coverage sections.
|SafeLaw Coverage Feature||Competitors |
Cyber Risk Policies
|Coverage for theft of the firm’s money and securities as well as theft of a firm client’s money and securities.||Rarely – Even where a competing policy may cover loss of a client’s money or securities, it does not cover the resulting liability or trust account violations.||SafeLaw covers the electronic theft or fraudulent funds transfer of the firms money and securities as well as a client’s money and securities when the firm is an authorized custodian. In addition, SafeLaw provides coverage for any resulting liability including regulatory and ethics violations.
|Coverage for social engineering||Possibly – Some insurers now provide coverage for social engineering resulting in theft of money and securities||Law firms are among the most frequently targeted organizations for social engineering attacks. Firms involved in corporate transactions, real estate, international law, and financial services have seen claims quadruple in the last year alone.|
|Coverage for crypto currency||Possibly – Only a handful of insurers cover loss of crypto currency such as Bitcoin.||Use of crypto currency is at an all time high and losing crypto currency can be as simple as losing a laptop or a hard drive. It is far easier to steal than other forms of currency.|
|No transfer verification requirement||Possibly – Most insurers require callback procedures||Many cyber risk insurers require funds transfer verification procedures to trigger coverage and in come cases, insurers even require an out of band independent verification. While these procedures are good for loss control, the reason firm’s are losing money due to social engineering scams is because they are being tricked into not using a verification requirement. Therefore, insurers are excluding the number one cause of social engineering loss by insisting on a transfer verification requirement.|
|Coverage for extortion threats by employees and contractors||Possibly – many insurers limit extortion and ransomware coverage to acts of third parties.||The SafeLaw coverage for extortion and ransomware provides full limits of coverage regardless of who perpetrated the extortion threat.|
Third Party Liability Coverage
Applicable to network security, privacy and media liability coverage sections.
|SafeLaw Coverage Features||Competitors Cyber Risk Policies||Benefits|
|Enterprise wide data coverage ||Possibly – Many insurers cover data just in the insured’s computer system.||Coverage for all of the firm's confidential data (not just personally identifiable information) is included in SafeLaw.
|Regulatory violations, ethics violations, disciplinary proceedings fines and penalties coverage for all covered perils with no sub limits.||No – Competing products cover privacy regulatory actions and usually have sub limits of coverage.||Regulatory coverage expanded to include regulatory, disciplinary and administrative proceedings unique to the legal industry as well as the associated and fines and penalties.
|Softened hammer clause||Possibly||Consent to settle language is 50/50 in SafeLaw.
|Vicarious liability coverage||Possibly – sometimes available by endorsement||Coverage is included for breaches and disclosures of data wherever they happen, even by a service provider or at an outsourced location.
|Physical theft of data and accidental disclosure coverage||Rarely||Coverage for data breaches includes physical and accidental perils such as loss of a laptop by an employee or theft of equipment.
|No professional services exclusion||Possibly||SafeLaw policy provides protection for cyber losses even when they occur during the course of professional services
|SEC, RICO, pollution, EPLI and other exclusions are carved back||No||Carves back coverage for firms that provide services to industries or in areas that may be impacted by such exclusions.
Please Note: The coverage summary above is a general description of coverage provided for illustrative purposes only. Various provisions in the SafeLaw policy restrict coverage. Please read the policy carefully to determine the extent of coverage and refer any questions to your broker.
If you would like more information regarding the features and benefits of the SafeLaw program, please contact your broker. Alternatively, you may contact Michael Lamprecht at 312-363-7017 or MikeL@bigdatainsure.com for more information.