The Importance of Cyber Insurance for Law Firms

  • 22 mai 2020
  • Christopher Masaki, MBA, development underwriter at Boxx Insurance Inc.

Cyber risk commonly refers to any risk of financial loss, business disruption or damage to the reputation of a company from some form of failure of its information technology systems. Today, with a large portion of the workforce shifting to remote work at unprecedented rates due to the ongoing COVID-19 pandemic, these risks have been amplified. This has created a bit of a perfect storm for cyber attacks. Traditionally, where you had employees using properly configured corporate devices within their company’s premises and secure network, you may now have employees using personal devices for work on potentially less secure home networks. Privacy and information security policies may also have become relaxed at many companies during this time, as well. Furthermore, COVID-19-themed scams and phishing attacks have surged as bad actors turn the pandemic and the confusion and uncertainty it has created to its advantage.[1]

Law firms are particularly at risk. Law firms hold a gold mine of sensitive personal and corporate data. Additionally, law firms tend to be low-hanging fruit for hackers due to their oft lax cyber-security posture and them not viewing themselves as targets. Consider the following scenarios:

The computer system of a law firm is hacked, and confidential information about a high profile divorce case is leaked to the media.  The firm is sued by both parties in the divorce.

A new employee at a law firm disposes of a printout of confidential client payment information in the office building’s communal recycling bin rather than shredding it. The firm was responsible for notifying the clients that their information may have been compromised and was required to provide credit monitoring.

A laptop belonging to a law firm that specializes in class action suits is stolen. It contains sensitive information, including social security numbers and medical history, of a large number of claimants in a suit against a medical device manufacturer. The law firm is liable for notifying the claimants and providing credit monitoring services.1

Cyber risk management is no longer a nice-to-have, but a must-have, especially for law firms. Law firms have information on hundreds of people and corporations. Much of this information is valuable and can be monetized by hackers.

There are many things a firm can do to reduce their cyber risk. Aside from improving their cyber-security posture and IT infrastructure, a cyber insurance policy can go a long way in making sure a firm is protected from significant financial loss.