Login | April 27, 2024
ABA overview on cyber liability insurance
RICHARD WEINER
Technology for Lawyers
Published: July 22, 2016
A recent American Bar Association survey found that, while all attorneys are required to carry professional liability insurance, only eleven percent of attorneys have coverage for data breaches and other potential problems cybersecurity problems.
Clearly, at this point, the news of an endless cycle of cyber breaches in law firms and their clients’ businesses indicate that all attorneys need some kind of cyber liability coverage—whether that is a rider on a current policy, or a stand-alone policy.
The ABA just published a very good guideline on what to look for in a cyber liability policy. We’ll give you a few tips, and a link to the original article.
Unless someone is up-to-date on the recent spate of law firm cyber breaches, or the field of law firm cybersecurity, it may be difficult to conceptualize what the problems might be, and thus difficult to envision what insurance coverage should encompass. The article has a set of very helpful guidelines to use in looking at potential coverage for cyber breaches.
The first tip, to borrow an NFL phrase, is “gap integrity.” Check to see if there are gaps (non-coverage) in coverage in your current policies in privacy notification, crisis management, business interruption, cyber extortion threats, or data recovery.
Then on to what clauses a cyber breach policy would have in it, looking at it in terms of potential actions before (prevention), during (protection), and after an event (response).
In addition, coverage will be for both third-party (client) and first-party (law firm) damages.
Third-party damages can include fines and penalties for allowing a breach of a client’s data. One of these is “privacy liability,” which covers costs to the client’s employees, credit card holders, etc., for the breach. Other damages to the client’s business are basically only limited by your imagination.
First-party damages can include notification, credit monitoring, investigation, forensics, and lost income.
First-party coverage can include costs associated with a number of issues, including theft and fraud (more than half of data breaches are caused by insiders or system problems). Other coverages can include costs for forensic investigations, business interruption/ loss, extortion, and data loss and restoration.
Do yourself a favor, and read the entire article here: http://www.americanbar.org/publications/gp_solo/2016/may-june/cyber_insurance_law_firms.html