This post is the fourth and final post in a series about the growing need for law firms to invest in cyber liability insurance coverage. Click here to read Part I, here for Part II and here for Part III.
How Can You Protect Your Firm from the Damages of a Cyber Attack?
There are many different cyber liability insurance policies are available. It is important to assess the risks and needs of your law firm, then to consult with a broker to determine the best fit.
Robert Berman of Cobbs Allen, an insurance broker who helps clients determine the best cyber liability policies for their firms, explained the different variables that should be considered in determining the right policy and price for a firm’s cyber liability coverage. As expected, the larger the firm, the higher the price. He also explained that the practice areas of the attorneys in the firm affect pricing. For example, a firm that mainly deals with collections has more exposure because it is likely to have its clients’ credit card and debit card account numbers.
As far as the different coverage options available, some policies cap notification costs in terms of a dollar amount, while others cap the cost in terms of the number of records compromised. Another coverage option would be to have business interruption coverage. This coverage would protect any exposure faced by a firm if its website is shut down. Berman explained that this is an area where there would probably not be a lot of exposure for a defense firm, since firms are not likely to suffer a huge loss if their websites are down for a day. He added that most policies also have a public relations component and a forensic component.
In a firm of 25-30 insurance defense attorneys, Berman said the limit of liability would be $1 million. The defense cost would be included in the cost of the insurance. For a $1 million policy, the premium would be around $2,000 a year.
Cobbs Allen is part of the Chubb Group of Insurance Companies, which insures over 95 percent of the top 200 U.S. law firms. Like most cyber insurance policies, Chubb’s CyberSecurity policy covers first-party and third-party losses. The policy covers privacy notification and crisis management expenses, reward expenses arising out of a covered wrongful act or expense, e-business interruption and extra expenses, e-threat expenses resulting from the insured surrendering funds to a person who makes a threat, and e-vandalism expenses resulting from the destruction of data owned by the insured.
Most cyber insurance policies cover first-party and third-party losses. For example, Travelers’ CyberRisk policy offers 10 separate cyber insurance coverages, designed to address the broad array of cyber security exposures emerging in today’s world. The policy covers first-party losses, including: crisis management event expenses, security breach remediation and notification expenses, computer program and electronic data restoration expenses, computer fraud, funds transfer fraud, e-commerce extortion, and business interruption and additional expenses. The policy also covers exposure under third-party losses, such as network and information security liability, communications and media liability, and regulatory defense expenses.
When negotiating a cyber liability policy, there are some key considerations to keep in mind. Analyzing your potential exposure is the first step. One way to analyze your exposure is to hire a forensic firm to perform an analysis of your law firm’s exposure to cyber risks. Once you receive the report, “[O]ther key considerations include whether the company has overseas operations, whether the company has call centers, the extent of the company’s internet operations, and the company’s reliance on cloud computing.” These factors will help determine the risk of your firm’s data and help to provide the best coverage for your practice.
Conclusion
After considering the risks involved in failing to procure coverage for a cyber breach, the advantages of purchasing cyber liability insurance are well worth the cost. Last year, Cobbs Allen issued approximately 50 cyber liability policies. Less than 10 percent of those policies were issued to firms that had around 25-30 attorneys.
This data suggests that many Alabama attorneys need to evaluate their exposure to cyber risks. You would never leave the door to your firm unlocked after closing time, so why leave data exposed to cyber threats 24/7? According to ComputerWeekly.com, “Data breaches are now a fact of life, together with taxes and death.”
If your firm is not prepared for a cyber attack, now is the time to do so. Conducting a forensic analysis of your firm’s exposure to cyber threats, addressing those security issues, and procuring cyber liability insurance for coverage in the event of a cyber attack are crucial to protecting your clients’ information and your firm from the extensive costs of an electronic data breach. Relying on your firm’s commercial general liability policy for coverage is not enough. Procuring coverage through a cyber liability policy is the best decision to ensure coverage for your firm, should an electronic data breach occur.
This post, as well as the others in this series, was excerpted from our “Cyber Liability Insurance: Is Your Firm Covered?” article in the spring issue of the Alabama Defense Lawyers Association Journal magazine. Click here for the full article.