A law firm faces daily threats of security breaches that can devastate the firm’s bottom line and its reputation. How then can a law firm be prepared for the inevitable data breach or the day a network is held for ransom?
Recent research confirms that Error and Misuse can cause a data breach. A law firm needs protection from unintended consequences resulting from mistakes.
The first step is to have the right Cyber Liability Insurance. Find a product designed specifically for law firms. Secure a policy and a reliable provider with the presence to guide a law firm through the aftermath of a security breach. A cyber insurance provider should offer the following support in the unfortunate instance of a cyber security breach.
A law firm’s Cyber Liability Insurance provider checklist:
Conducts technical forensics to determine the scope and cause of the data security breach;
Understands the relevant regulatory, legal, ethical and malpractice obligations associated with the breach;
Determines which authorities and regulatory bodies must be notified and guide the firm through the notification process;
Identifies the individuals and businesses that the firm must and may wish to notify;
Selects and implements the best loss reduction solutions for the breach including credit monitoring, legal filings, insurance or fraud prevention;
Manages ongoing communications with businesses and individuals that are victims of the breach, including call center services such as developing scripts and training call center staff;
Coordinates with a public relations firm to implement a public relations campaign to protect your firm’s brand;
What to look for in coverage features:
Business interruption coverage should be a core feature of a Cyber Liability Insurance policy. Most businesses do not have the internal expertise to value the loss and absorb the cost of hiring experts to submit a business interruption claim. A Cyber Liability Insurance product should pay for technical forensics and forensic accounting services to assist with proof of loss statements and claim recoveries. Not all do.
Most Cyber Liability Insurance policies use the standard business income loss calculations which are based on revenue received during the outage period and not hours billed. A law firm could lose hundreds of billable hours from a virus following a loss and not be able to recover the lost income from their insurance company. Look for a Cyber Liability Insurance product that is designed for law firms.
Obtain coverage of unauthorized access, use, disclosure or theft of private consumer information, confidential business information or other sensitive legal or client information occurring at the company or at a company vendor.
Obtain coverage for transmission of a computer attack or computer virus to others due to misuse of the company’s computer system.
Obtain coverage of misuse of the company’s computer system, website, email, social networking or other electronic communications resulting in harm to others.
Obtain coverage for Data Restoration Costs – Covers the cost to rebuild, reconstruct or re- engineer electronic data following a computer virus, hack, denial of service, cyber terrorism, cyber extortion, cyber espionage or other computer attack that alters, damages, or destroys electronic data.
Obtain coverage that extends to costs of computer forensics following a loss.
Obtain coverage of Crisis Management – Covers (1) Public relations expenses; (2) Breach notification expenses; and (3) Credit monitoring and identity theft services following an event otherwise covered by the policy including a virus, hacker attack, or disclosure of confidential / private information.
Be aware that Cyber Liability Insurance policies can include minimum security requirements in order for coverage to apply. They include antivirus software, firewalls and encryption. It may be a requirement to maintain an on-going patch management process and store all data on mobile data storage devices or media in an encrypted format including smart phones, USB devices, laptops, tablets, backup tapes and discs.
Network security alone cannot entirely protect the firm’s data. No firewall is 100% secure. Be prepared to mitigate the inevitable cyber security breach with a trusted Cyber Liability Insurance partner.
Network security alone cannot entirely protect your data. No firewall is 100% secure. Be prepared to mitigate the inevitable cyber security breach with a trusted Cyber Liability Insurance Partner.
The information provided above is for illustrative purposes only. Always consult with an insurance agent or broker on the needed coverage features for your business. The actual policy terms and conditions will apply in the event of a claim.
Editors Note: This post was originally published in May 2016 and has been completely revamped and updated for accuracy and comprehensiveness.
Coverage and support information provided by Safe Law.