It could be argued that there has been a sea change in the way Cyber Insurance is viewed by the average business owner. Without a doubt, it’s the fastest-growing segment of Insurance. Companies of all sizes are finally beginning to recognize its importance.
Today, business exists in a world where electronic tools are paramount to remaining profitable: file management, Point of Sale hardware and software, websites for online purchases or reservations, storage of credit/debit cards and other Personally Identifiable Information, banking… not to mention the thing we probably all use them for the most, email.
Most business owners are realizing how catastrophic it would be to their business were they to lose access to their computer systems.
One industry that does not appear to have fully grasped this importance, however, is one that I’d consider to have some of the most significant electronic exposures: law firms.
Law firms are just as susceptible to cyber-attacks as any other business, and in many cases are a sweeter target for criminals.
Take for example Ransomware attacks. Cybercriminals recognize that not only can most law firms not safely operate without the calendaring/docket control software they rely on, but that the files they keep on their clients often contain highly sensitive information.
If released, that information could cost the client (and in turn, of course, the law firm) millions of settlement or judgement dollars- not to mention any public embarrassment that might come along with it. Million-dollar ransom demands are no longer unusual in these cases.
Another example involves a form of Social Engineering, which is the act of deceiving someone into revealing information or performing an action. In what’s become a classic scenario for law firms that do Real Estate work, a bad actor hacks into a firm’s network and simply lurks in the background observing how an attorney interacts with their support staff over email- tone, language, etc.
They wait for a time when the attorney is going to be difficult to reach- maybe vacationing outside the country. They then email the support staff to rush-transfer funds on a client’s real estate deal to “this account.” Spoiler alert: the account belongs to the bad actor, and now the funds are gone. The most recent real-life example I heard of this involved a seven-figure loss.
Of course, these two scenarios involve someone at the firm making a mistake- clicking on a link they shouldn’t have, or transferring funds without using an alternate communication method to confirm it was legitimate. Easy to dismiss as “not something that would happen at my firm” (though, believe me, cybercriminals are getting impressively good at tricking even the most cautious of us).
In that case, take the example of one of my clients, a small law firm that did nothing wrong besides hiring the wrong IT vendor. When that vendor got hacked a few years back, and the hackers were able to access the firm’s servers that way, the resulting loss was over $250K in replacement hardware and software for the firm.
Very luckily for them, they were in the minority of law firms that had already purchased Cyber coverage, which responded swiftly and got them back up and running not long after the incident. They weren’t yet another example of a law firm that decided to cover their exposure after they had a loss- which, of course, is too late.
The modern Cyber insurance policy covers all kinds of expenses that are incurred when a computer network goes down: lost profits during the shutdown, hardware and software replacement, data recovery, third-party liability, computer fraud, funds transfer fraud, notification costs and even the ransom payments a company might be forced to pay.
And though premiums have gone up significantly in the last couple of years, there is no doubt that it is still inexpensive in comparison to what we’re quickly moving towards. The more common cybercrime gets, the more expensive it is going to be to insure against it. And it’s getting very common.
We all like to think that we wouldn’t get tricked by a cyber-criminal. And yes, in many cases the attempts at fooling us are embarrassingly obvious and amateurish. I still see emails from Nigerian princes now and again. But the fact of the matter is that there are plenty of shrewd and cunning cyber criminals out there, and their methods evolve as quickly as computer technology itself.
As you read this, some criminal somewhere has begun using a tactic that neither of us has heard of yet. And none of us knows how to stop it- yet. Until we do, make sure you’ve properly protected your practice’s exposure by purchasing some kind of Cyber liability insurance- while it’s still affordable, and before you need it, not after.
About the Author
Raffi Kodikian is a Vice President and Lawyers Professional Liability Practice Leader with Founders Professional. Raffi assists retail insurance agents across the country with securing professional liability insurance solutions for law firms of all sizes. Raffi can be reached at [email protected].