Introduction Authored by Rebecca Stottlemyer, Body Authored by Jack Compton
AdvoCap has a special partnership with SGP Advisors which enables us to bring together a first-class insurance team to advise plaintiff lawyers. Jack Compton has been with SGP Advisors since 2011. He has brought us some valuable information below about the importance of cyber coverage and updates regarding cyber for the new year.
What may sound like a scene from a Hollywood movie is now sadly a routine occurrence in law firms. The firm’s network has been taken over by hackers and they are demanding cryptocurrency payment or else they will sell the data on the dark web and shut down the firm’s entire systems. Is there an insurance product available to protect you in this scenario? The answer is yes: a cyber liability policy.
Hackers know that law firms possess extremely sensitive and valuable data. And often times, many firms’ IT systems have inadequate levels of security when compared against larger companies. Given the current environment, we all live in, where the cost of virtually everything has increased over the past few years, and inflation is near record highs, the last thing any law firm wants to hear is the need to purchase an additional insurance policy. However, these types of claims are almost always excluded from a traditional E/O (professional liability) policy, as carriers have drawn a line in the sand that these matters fall outside the purview of what those policies were ever intended to cover. Anecdotally, I can say over the past year our office has seen far more cyber-related claims than any other line of coverage. What used to be an obscure type of insurance, is now a necessity for any law firm.
One of the most common types of claims is a ransomware or cyber extortion event. A comprehensive cyber policy will cover the costs to respond to an incident, and even negotiate with the bad actors and pay a ransom to them to mitigate the incident and recover the firm’s data. The carrier will also handle items such as breach response costs (notifying any potentially affected parties whose data was compromised, which is required by law). The policy may even provide coverage for regulatory fines and penalties that are incurred as a result of the breach. Along with restoration costs and business interruption coverage for the lost revenue while the firm was offline.
Another common type of claim is what is known as social engineering. This is when a firm is deceived into wiring money to the wrong bank account. While all firms have procedures regarding verifying wiring instructions, it is a numbers game for criminals. If they can catch one person in a rush and having a mental lapse in judgment, that is all they need for a big payday. The funds are typically instantly wired to an offshore account and the money is not recoverable. Nearly every carrier sub-limits this coverage to a fraction of the full policy limit because these claims are so common.
While the cost of cyber policies has increased over the past few years, we are seeing premiums level off. Carriers have improved their ability to properly underwrite firms, and determine which firms have the necessary protocols and procedures in place. Those that don’t, will be required to bring their processes up to standard before they can procure a policy. Underwriters even run a non-invasive penetration test, mimicking a hacker, to see how vulnerable a firm’s systems are from an outsider’s perspective.
One thing to keep in mind: not all cyber policies are created equal. Be sure to consult with your broker on what is covered and what is not. Many carriers have begun to sub-limit or even exclude various coverages or scenarios. Your firm’s profile, controls, and loss history, as well as your broker’s expertise in this field and access to leading underwriters, will dictate what is available to you.
Here at AdvoCap, we join Jack in reminding you to make sure that you have the right coverage for your firm. If you would like to know more about cyber coverage that is available or would like to have your current policy reviewed, please don’t hesitate to reach out to us via phone 1-877-894-3399. We are here and happy to help!
Photo Credit: voronaman, 123rf.com
