Risk of Cyber Breaches so high now that Insurance could become Mandatory for lawyers? Time to explore options.

Shocked young girl in front of computer monitor in a law firmInteresting comments from legal practitioners and the insurance sector at the Doctors Chambers Modern Law Conference 2016 at Old Trafford; reported recently in Modern Law.

According to David Hallam, Commercial Director at NCC Group –  the majority of data breaches arise from “phishing attacks”.  He explained that their expert hackers can gain access to systems “within 20 seconds” and once the hackers are in “40% manage to launch malware”, and of that 40%, “30% manage to obtain or compromise sensitive data”.  Responding to questions posed by the session chair, he concluded that cyber insurance “is moving towards becoming mandatory” for lawyers.


According to Verizon’s Data Breach Investigations Report, May 2015:

  1. 23% of people open phishing emails
  2. 11% open the attachments in those emails
  3. In 60% of cases, attackers can compromise your data within minutes
  4. It typically costs between £33 and £35 to fix each record breached

Michelle Garlick, Risk and Compliance expert at Weightmans said – “Firms can’t just sit and hope that attacks won’t happen … [they are] taking insurance more seriously” and looking more at “AAA rated insurance companies”;  also suggesting that when it comes to cyber risk, conveyancing is more risky than personal injury and that it is “too early” for cyber insurance to be mandatory.

On the other hand, Lesley Graves, MD of Citadel Law said that cyber crime could easily affect the personal injury market because firms often deal with “large amounts of money and sensitive information”. She recommended that delegates undertake a “business assessment” and look at how to build the long term cost into the business strategy”.

Ian Muldowney, Head of Professional Indemnity & Financial Risks (Reich Insurance Brokers) has seen a steep increase in calls surrounding cyber risks, particularly over the last 12 months, “with a huge increase in cyber crime activity both in the UK and globally, our clients are discovering that criminals are looking to target large organisations and SMEs alike.”

With the National Crime Agency noting that losses from such crimes exceed £16bn in the UK annually, clients are right to be concerned and to have cover in place which offers both preventative advice and a security blanket should anything go wrong. This is particularly were an expert broker can prove their worth.”

To address these critical risks:

1) Assess the risks and take steps to prevent breaches. The priority should be to take the 10 steps highlighted in this article to make your practice more cyber-resilient.

2) Insure against the breaches you can’t prevent.  You can be sure that no law firm can eradicate the risks completely – so backup insurance is essential with the risks clearly increasing here.  To give you a feel for the kind of cover available from reputable and reliable insurers, speak with a broker who has taken the time to understand Cyber insurance – such as Reich Insurance – who can review your needs and advise you on the best solutions available.

Reich Insurance, Cyber risksA policy can be sourced to provide:

  1. 24 hour incident number available 24/7.  Essential as it is critical to act quickly.
  2. A specialist IT forensics expert within 1 hour.
  3. Diagnosis of the issue, fixing it and getting the business back on track.
  4. Covering the costs of a) notification, b) data restoration, c) cyber business disruption and d) cyber extortion, all of which are real and potentially substantial costs in this situation.
  5. Help with public relations and specialist legal advice.

For more information about this and other relevant insurance policies, contact Reich on 0161 830 5491.

To discuss what steps you should be taking now to reduce the risks of cyber breaches and build cyber resilience into your practice, contact NIgel Stott at Inpractice UK on 0161 929 8355 or fmanning@inpractice.co.uk

2 thoughts on “Risk of Cyber Breaches so high now that Insurance could become Mandatory for lawyers? Time to explore options.

  1. Allan Carton Post author

    Yet another example of a breach (at Dropbox this time) way back in 2012 that has just come to light, with an incredible 68 million login credentials at risk. A good article with useful practical guidance.

    https://goo.gl/H0YzPc

    Two questions: 1) Does your IT team know who in your practice is using Dropbox, so they can take appropriate steps to ensure that this use is secure? If they don’t know this, what other “Cloud” services are people using that they don’t know about. It could be time to do an audit and set policies and more controls?

    2) Do you have cyber-breach insurance to deal with the events that will happen that you won’t know about – however much effort you put into protecting your practice from breaches now?

Comments are closed.