Not Having Cyber Liability Insurance: The Real Risk Your Law Firm Takes

When it comes to the possibility of a breach of confidential information, being proactive rather than reactive is extremely important. Experts recommend the latest firewall protection, essential password and user identity protocols, and encryption for remote devices accessing and transmitting confidential information. An ABA Journal article strongly recommends that law firms take the additional step of purchasing cyber liability insurance, which adds another layer of financial protection in case of a breach. A cyber liability insurer will provide you with the resources to help you identify and address network and system vulnerabilities.

The bottom line: law firms have an ethical and legal obligation to protect the confidential digital information that they routinely access and store.

Types of Data at Risk of Breach

CNA, a leader in professional liability insurance for law firms, quoted the security consulting firm Mandiant as saying that 80 percent of the largest 100 law firms in the United States reported a malicious computer breach. In a majority of the cases, the law firm did not discover the breach on its own, or uncovered the incident several months after its occurrence. Firm size and legal specialty aside, if you take a quick inventory of client and firm-business information right this minute, your law firm will have some or a combination of the following data:

  • Attorney-client privileged communications such as memorandums, e-mails, and other legally privileged information like attorney work product;
  • Litigation tactics and strategy information, including argument strength/weakness points and settlement parameters;
  • Confidential client data: retrospective information about the circumstances of the matter at hand or prospective information regarding future initiatives and plans;
  • Client intellectual property such as copyright, patent, and trade secrets; and
  • Personal identification information: account and account-access information that includes customers' names, address information, payment card numbers, and PINs.

Sources of Cyber Breaches

Baker & Hostetler, a major cyber liability defense law firm with offices located across the U.S., reported that human error accounted for most of the security breach incidents handled by the firm in 2014. Employee negligence topped the list with 36 percent of the cases. Examples of internal errors cited include:

  • Lost or stolen unencrypted laptop or other mobile device;
  • Visiting questionable websites;
  • Insider misuse or mishandling of confidential data;
  • Downloading unapproved software through the firm’s network or mobile device;
  • Communication over a public or unsecured network;
  • Use of a USB drive on an unsecured network; and
  • Accessing the network with unapproved devices.

The Benefits of Cyber Liability Insurance

Professional liability insurance policies typically do not have enough coverage in the event of a confidential client information breach or a network hack. A stand-alone cyber liability insurance policy is preferred in that it provides a separate limit of liability. This safeguards against depletion of the firm’s professional liability policy limit. The policy should meet the policyholder’s specific needs and cover any gaps in the existing professional liability insurance coverage. Investing in a stand-alone cyber liability insurance policy ensures that you have immediate access to breach response experts to provide you the assistance you need in the event of a security breach. Other benefits of cyber liability insurance coverage include:

  • Access to security auditors at forensic companies trained to identify the scope of a data breach and to assist in the recovery, restoration or replacement of data and software;
  • Public relations companies experienced in working with law firms, with the ability to design and execute the appropriate public response to the breach;
  • Notification services designed to assist you in the drafting and delivery of notifications to clients, opposing counsel, courts, state attorneys general, law enforcement agencies, creditors, and other parties; and
  • Credit and Internet monitoring services for the purpose of alerting the exposed individual if nonpublic personal information has been made public.

There are numerous ways for a breach or data theft to occur. Failure to protect sensitive data puts you at risk for litigation, regulatory penalties, damaged reputation, loss of business, and other repercussions. Cyber liability insurance helps you manage the financial risk. It is critical to work with an experienced broker who can help you identify your risk and customize a cyber liability insurance policy to meet your specific needs.


Cindy Wiedman

Cindy is a Registered Professional Liability Underwriter (RPLU) and has designed and administered professional liability insurance programs over a 35-year career. She has worked with many affinity groups over that time, and specializes in Lawyers Professional Liability Insurance. She has served members of the Iowa State Bar Association with their liability insurance needs since 1986, first for Kirke Van Orsdel, then Marsh Affinity and most recently Lockton Affinity.