Law Firms and Data Loss Insurance
Technology is an essential part of any modern practicing attorney’s toolkit. In Tad’s Tech Corner, join me as I discuss how to best utilize technology– both from a device and software standpoint– during your daily lawyering tasks and during trial. Discussions, as always, are welcome in the comments section below.
— Tad Thomas
Whether you know it or not, your law firm is always at risk of a data breach. Think about just how many suspicious emails you receive—like the ones that involve phony requests from management for money, sham new client inquires, or invitations to download documents from questionable links. Attacks on law firms and lawyers are becoming more frequent, with threats including the direct theft of funds, data breaches of client information, malware and phishing attacks, and ransomware attacks. If you’re looking to protect your law firm and its clients, it’s important to understand data loss insurance.
The Risk of a Data Breach for Your Law Firm
You collect and store an exorbitant amount of sensitive client data. You need to ensure the protection of that data to maintain the trust and privacy of your clients. If you don’t and a breach occurs, you’ll likely be dealing with the following:
- Reputation Damages. If clients do not trust you to keep their information secure, they’re not going to trust you to achieve a favorable settlement for their case. Depending on the severity of the breach and how many clients were affected, it could take years to build back up your firm’s reputation.
- Compliance Costs. While the cost of a compromised record varies, it’s not cheap. Once you’ve had a breach, you have to comply with state notification laws, agree to a forensic investigation, and possibly have to pay for credit monitoring services.
- Damage Claims. If a client or third party experienced damages due to the data breach that affected your law firm, they have the right to bring a direct claim against you to cover the costs. It’s also possible you could be subject to a cross-claim in the form of individual or class action lawsuits for indemnification.
Risk Management and Cyber Insurance Coverage Options
With so many cyber policies out there, it’s important to know what your protection options are and what would be best for your firm. Let’s take a look at the standard coverage options, along with some additional policies to consider.
- Incident Response Cost. This covers the legal fees and expenses of computer forensics, breach notification, and identity monitoring when a breach happens.
- Business Interruption Cost. A data breach can result in lost income and unexpected expenses. Business interruption coverage can take care of those losses when a virus or attack caused a computer system disruption.
- Fraud. This first-party coverage takes care of loss of money or securities from computer fraud, social engineering, and the fraudulent transfer of funds.
- Cyber Extortion. A cyber attack may threaten to destroy data, attack a computer system, or disclose electronic computer information for money or cryptocurrency. Cyber extortion coverage protects you from that.
- Network and Information-Security Liability. This is coverage for claims that come from unauthorized access to data, failure to provide notification when a breach has happened, and the transmission of a virus from the insured’s network.
- Communication and Media Liability. This type of coverage is for claims that arise from copyright infringement, libel, slander, or defamation in electronic content.
- Regulatory Defense Expenses. If your dealing with one of the above claims, but it involves a government agency, you’ll want this coverage in your policy.
- System Failure. System failure coverage extends business interruption coverage to disruptions caused by unintentional or unplanned outages of a computer system.
- Reputational Harm. As we discussed, reputational harm is a consequence of a data breach. With this coverage option, any lost profits resulting from damage to a law firm’s reputation will be covered.
- Physical Perils. Some policies offer coverage against physical perils caused by a cyber event, like bodily damage, destruction of property, or pollution.
Cyber attacks can have devastating fallout for a law firm’s network. As a lawyer, you must carefully consider what could happen if your computer networks were breached and client information was exposed. Once you’ve established risk, it’s time to make a plan. The right cyber insurance policy can become the first part of your firm’s cybersecurity mitigation strategy so that you can focus on additional mitigation measures like a password management program, encryption processes, and antivirus programs.