When it comes to cyber risks, attorneys are often found litigating on behalf of clients who have been crime victims and are suing the company that the criminals hacked. However, sometimes, attorneys themselves fall victim to cyber criminals.
Like any other business, law firms are vulnerable to network breaches. Because of the extremely sensitive information attorneys possess, however, the consequences can be particularly devastating.
Many attorneys unnecessarily put themselves in danger of huge losses. But the legal profession is hardly alone – it is estimated that only about 2 in 10 small businesses have any cyber liability coverage at all. This is quite amazing, especially considering the daily news headlines telling of cyber crimes against all sorts of businesses and government agencies.
What if someone hacked into your computer network?
Every law firm stores valuable data on its computers. If a hacker broke in, various nightmare scenarios could unfold. For instance, confidential and proprietary information found in contracts, even those yet to be executed, would be available. The hacker could extort the law firm and its client to keep from revealing the data to the world. And even if the criminal had no use for this particular content, the mere fact of a security breach would put the firm in danger of being sued by the client whose data was exposed.
There are even ways that a data breach could occur unintentionally by employees of the law firm. For example, if a worker unwittingly opened a virus-infected email, the virus could then reveal protected information, such as tax returns. Social Security numbers and client income amounts might become public knowledge.
Other cyber dangers abound
There are other hazards to be aware of, too. Data storage on laptops is common, but if the device gets lost or stolen, client information is exposed. So, for example, if a burglar breaks into an attorney’s house or car and steals a laptop used for work, the secrecy surrounding intellectual property, discovery files, and all sorts of other legal documents would be broken.
Furthermore, a typical law firm has paper files as well as digital ones. A negligent employee might lose paper files, triggering a legal crisis. Or, if paper files are archived by a third-party provider, and files get compromised, the law firm is still liable.
Any loss involving client data might also necessitate a rapid public relations response, which would be expensive.
State and federal laws also require notification to each individual person whose information has been breached.
Occasionally, and often without explanation or warning, records in a network become corrupted, or the entire network might become inoperable – either situation would result in a break of business continuity and lost revenue.
Network breaches cause big cyber liabilities
A typical network breach exposes hundreds or even thousands of records. The Ponemon Institute estimates that each compromised file costs the victimized company $214. By the time lawsuit and client notification expenses have been paid, the average hacking incident costs a whopping $7.2 million. But even if only one single file is exposed, lawsuits and other consequences can cost huge sums.
Take precautions, but realize they aren’t fail-safe
There are some preventative measures that attorneys can take. For example, encrypting all sensitive data will make it more difficult for the bad guys to get access to client information. And having strong network security protocols can reduce the likelihood of a successful attack.
But even for law firms that are diligent in taking precautions, a breach is probably of matter of when, and not if. As mega-companies with a ton of security resources continue to be victimized – like Visa and Google – it is becoming almost impossible for smaller firms to maintain a sense of invincibility.
The good news: Internet insurance offers protection
To fully exercise due diligence, attorneys need to acquire cyber insurance to cover the wide range of liability exposures they face on a routine basis. Such protection, also called “Internet insurance” and “information insurance,” can provide payment for claims generated by both first and third parties.
In addition to the scenarios previously mentioned, cyber liability policies can be written to cover other circumstances, including malevolent actions of a rogue employee and a firm’s unintentional breach of its own privacy policy. There is even coverage available in the event that compromised records enable the stalking of a client.
As attorneys and other professionals grow more aware of the diversity and potential severity of cyber risks, more firms are seeking coverage. Growth in the cyber risk insurance sector grew by an estimated 20-30% last year. But navigating the complexities of coverage can be daunting.
INSUREtrust offers expertise in Internet insurance
We at INSUREtrust have been cyber liability insurance experts for over 15 years, and every day help businesses determine the right policies for their particular needs.
Internet insurance doesn’t have to be expensive, but it is money well spent. The premium cost for a cyber insurance policy can be as little as a few thousand dollars for a $1 million policy limit.
Over the past ten years, INSUREtrust has written more than $100 million in premiums and paid more than $30 million in claims. Insurers are looking for business and we can find competitive pricing and terms for any risk.