Privacy of data is the single biggest emerging risk for businesses in the 21st Century
Today, cyber risk is a significant risk to all law firms, regardless of size.
In today’s networked digital world, not only is data theft an increasing focus of criminal activity, it’s also becoming more and more difficult to control, secure and preserve that data.
Law Protect is at the leading edge of cyber risk solutions. We tailor the cover to suit your needs, with cover typically including:
- Privacy Breach Notification & Crisis Management Costs
- Privacy & Security Liability
- Cyber Extortion
- Business Interruption – Loss of Profits & Operational Expenses
- Data Recovery & System Damage
- Regulatory Defence and Fines
- Media Liability
- Loss of Digital Assets
Cyber insurance can offer different, additional types of cover including specialist technical support.
Where cyber fraud involves the loss of the practice’s own funds, a policy designed to cover only third-party claims would not respond. The practice would likely be uninsured for this loss unless it had purchased a suitably worded crime policy or endorsement (under a management liability policy, for example).
The need for urgent responses
Cyber events require urgent responses to contain damage and loss or disclosure of client information. The ability to access specialist expertise at a time of crisis can be an important feature of cyber insurance.
IT experts who specialise in responding to cyber events hold keys that unlock malware and are experienced in quickly identifying evidence of and responding to system breaches. This is available with our cyber insurance.
Why Cyber risk is a major threat to legal firms
Law firms store large amounts of their clients’ most confidential data. Preserving that client confidentiality is at the heart of your relationship of trust with your clients and fundamental to your firm’s reputation and ongoing success.
Malware threats such as ‘WannaCry’, ‘Petya’ and ‘NotPetya’ have established that you don’t need to be a target to become a victim of cybercrime.
The risk of financial loss, disruption or damage to the reputation of a law firm due to computer hacking, cyber extortion and ransomware, business interruption and unintended disclosure or destruction of confidential information is a serious threat with increasing momentum and will become a reality for many legal firms.
Law Protect also provides its clients with practical advice and a range of online resources to assist you in managing your information security risks. Contact our Lawyers’ Team for more information.
In 2020 all law firms should have cyber insurance and, if they have insurance, know exactly what limitations apply to the current policies offered to law firms. For more information email [email protected] or call us now on 1300 111 222.
Snapshot of current Cyber claims against Australian Law Firms
The most common attacks against lawyers are ransomware attacks, where an employee opened an affected file or email.
Below are three examples of current claims:
- Notification was made by the Insured regarding a cyber extortion threat and ransomware attack on the insured’s computer network. All 10 servers have been encrypted and these systems provide core business functionality. Unfortunately, the only copy of the backups, those being conducted over the network, was also encrypted.
  - Given there was no known way to decrypt this variant of ransomware, brute-force or otherwise, recommendations were made for payment of the ransom of 0.6 Bitcoin, or approximately AUD5,300.
  - The ransom payment was made and after a lengthy delay it was confirmed that the decryption key did not work. The insured’s IT consultants have continued a manual rebuild of the insured’s computer network, focussing on restoring basic function as a matter of priority.
  - The insured maintains a claim for first party costs and expenses and loss of business income incurred as a result of a first party insured event which occurred on the insured’s computer network.
  - Total incurred $245,000.
- Notification was made by the Insured regarding a ransomware attack on the insured’s computer network. The insured has provided a brief report from its IT consultants accompanied by screenshots of the encryption message and computer system as evidence of the claim.
  - Unfortunately, the Notification took place after core decisions had been taken, and Underwriters were not consulted in relation to the alternatives, which has raised additional issues.
  - The insured intends to make a claim for Loss of Business Income and is awaiting invoices from the insured’s IT consultants before advancing a claim for Cyber Costs and Expenses.
  - Total incurred $181,000.
- The Insured suffered a ransomware attack and appointed its own IT firm to investigate the incident. The IT firm discovered the ransomware and provided an initial report that all back-ups had also been encrypted.
  - A ransom request for payment of $25,000 payable in Bitcoin was also found during the investigation.
  - Following a request from the Insured, the Insurer subsequently appointed IT consultants from Underwriters’ expert panel to urgently liaise with their IT firm to conduct investigations and produce a rapid incident response report.
  - This report revealed that there was no reasonable prospect of rebuilding the computer network due to the extent of the encryption. Authority was given to appoint a recovery firm to decrypt the insured’s files for a cost of $38,850.
  - Decryption has occurred and migration to new servers has occurred. Submissions from the insured detailing costs incurred to date, including loss of business income, have been received.
  - Total incurred $198,000.