Many recent examples point out that law firms are not immune to Cyber Crimes. An ABA article asks whether your firm has Cyber Insurance. It gives as an example a 2015 incident where a four-attorney California Law Firm had a cyber attack experiencing the “Cryptolocker Ransomware ”. Although the article wrongly states that the applications for cyber insurance are time consuming. They are not. This used to be true but it is no longer the case. Many of the cyber insurance applications are only 1 or 2 pages in length and do not ask detailed technical questions.
While a Ranomware attack can be scary and somewhat costly. Imagine what the exposure for the law firms that were recently involved in a hack by 3 Chinese hackers that were trading on insider information obtained through hacking law firms.
According to the BBC, New York Times, and Wall Street Journal articles, the 3 hackers targeted email accounts of individual law firm partners. They were able to net over $4 million in profits from insider trading after being able to obtain non-public information on coming mergers and acquisitions from law partners emails. A recent class action suit in Illinois accused the the law firm of inadequate security. Hard to know where that suit will lead. In addition to having the needed insurance protection, how good is your law firm’s security.
A good Data Breach/Cyber Liability Insurance offers 1st party and 3rd party coverage. It needs to respond to the following exposures:
1st Party Claims
1. Incident Response Services
2. Ransom demands to unlock your system.
3. Notification requirements costs from federal & state laws & regulations to your clients that have suffered a data breach
4. System assistance in restoring your systems and data
5. Loss of income for the time that it takes to recover from a data breach
6. Harm to reputation & goodwill
7. Crisis Management and public relations costs
3rd Party Claims
1. Damages to clients that have suffered a data breach
2. Cost of defense to defend you from these claims
3. Regulatory Violations, fines and penalties that may be accessed against the firm