Interesting comments from legal practitioners and the insurance sector at the Doctors Chambers Modern Law Conference 2016 at Old Trafford; reported recently in Modern Law.
According to David Hallam, Commercial Director at NCC Group – the majority of data breaches arise from “phishing attacks”. He explained that their expert hackers can gain access to systems “within 20 seconds” and once the hackers are in “40% manage to launch malware”, and of that 40%, “30% manage to obtain or compromise sensitive data”. Responding to questions posed by the session chair, he concluded that cyber insurance “is moving towards becoming mandatory” for lawyers.
According to Verizon’s Data Breach Investigations Report, May 2015:
- 23% of people open phishing emails
- 11% open the attachments in those emails
- In 60% of cases, attackers can compromise your data within minutes
- It typically costs between £33 and £35 to fix each record breached
Michelle Garlick, Risk and Compliance expert at Weightmans said – “Firms can’t just sit and hope that attacks won’t happen … [they are] taking insurance more seriously” and looking more at “AAA rated insurance companies”; also suggesting that when it comes to cyber risk, conveyancing is more risky than personal injury and that it is “too early” for cyber insurance to be mandatory.
On the other hand, Lesley Graves, MD of Citadel Law said that cyber crime could easily affect the personal injury market because firms often deal with “large amounts of money and sensitive information”. She recommended that delegates undertake a “business assessment” and look at how to build the long term cost into the business strategy”.
Ian Muldowney, Head of Professional Indemnity & Financial Risks (Reich Insurance Brokers) has seen a steep increase in calls surrounding cyber risks, particularly over the last 12 months, “with a huge increase in cyber crime activity both in the UK and globally, our clients are discovering that criminals are looking to target large organisations and SMEs alike.”
With the National Crime Agency noting that losses from such crimes exceed £16bn in the UK annually, clients are right to be concerned and to have cover in place which offers both preventative advice and a security blanket should anything go wrong. This is particularly were an expert broker can prove their worth.”
To address these critical risks:
1) Assess the risks and take steps to prevent breaches. The priority should be to take the 10 steps highlighted in this article to make your practice more cyber-resilient.
2) Insure against the breaches you can’t prevent. You can be sure that no law firm can eradicate the risks completely – so backup insurance is essential with the risks clearly increasing here. To give you a feel for the kind of cover available from reputable and reliable insurers, speak with a broker who has taken the time to understand Cyber insurance – such as Reich Insurance – who can review your needs and advise you on the best solutions available.
- 24 hour incident number available 24/7. Essential as it is critical to act quickly.
- A specialist IT forensics expert within 1 hour.
- Diagnosis of the issue, fixing it and getting the business back on track.
- Covering the costs of a) notification, b) data restoration, c) cyber business disruption and d) cyber extortion, all of which are real and potentially substantial costs in this situation.
- Help with public relations and specialist legal advice.
For more information about this and other relevant insurance policies, contact Ian Muldowney, Head of Professional Indemnity & Financial Risks, Reich Group of Companies on 0161 830 5491 or at email@example.com
To discuss what steps you should be taking now to reduce the risks of cyber breaches and build cyber resilience into your practice, contact Frank Manning at Inpractice UK on 0161 929 8355 or firstname.lastname@example.org