Tag Archives: compliance

Risk of Cyber Breaches so high now that Insurance could become Mandatory for lawyers? Time to explore options.

Shocked young girl in front of computer monitor in a law firmInteresting comments from legal practitioners and the insurance sector at the Doctors Chambers Modern Law Conference 2016 at Old Trafford; reported recently in Modern Law.

According to David Hallam, Commercial Director at NCC Group –  the majority of data breaches arise from “phishing attacks”.  He explained that their expert hackers can gain access to systems “within 20 seconds” and once the hackers are in “40% manage to launch malware”, and of that 40%, “30% manage to obtain or compromise sensitive data”.  Responding to questions posed by the session chair, he concluded that cyber insurance “is moving towards becoming mandatory” for lawyers.


According to Verizon’s Data Breach Investigations Report, May 2015:

  1. 23% of people open phishing emails
  2. 11% open the attachments in those emails
  3. In 60% of cases, attackers can compromise your data within minutes
  4. It typically costs between £33 and £35 to fix each record breached

Michelle Garlick, Risk and Compliance expert at Weightmans said – “Firms can’t just sit and hope that attacks won’t happen … [they are] taking insurance more seriously” and looking more at “AAA rated insurance companies”;  also suggesting that when it comes to cyber risk, conveyancing is more risky than personal injury and that it is “too early” for cyber insurance to be mandatory.

On the other hand, Lesley Graves, MD of Citadel Law said that cyber crime could easily affect the personal injury market because firms often deal with “large amounts of money and sensitive information”. She recommended that delegates undertake a “business assessment” and look at how to build the long term cost into the business strategy”.

Ian Muldowney, Head of Professional Indemnity & Financial Risks (Reich Insurance Brokers) has seen a steep increase in calls surrounding cyber risks, particularly over the last 12 months, “with a huge increase in cyber crime activity both in the UK and globally, our clients are discovering that criminals are looking to target large organisations and SMEs alike.”

With the National Crime Agency noting that losses from such crimes exceed £16bn in the UK annually, clients are right to be concerned and to have cover in place which offers both preventative advice and a security blanket should anything go wrong. This is particularly were an expert broker can prove their worth.”

To address these critical risks:

1) Assess the risks and take steps to prevent breaches. The priority should be to take the 10 steps highlighted in this article to make your practice more cyber-resilient.

2) Insure against the breaches you can’t prevent.  You can be sure that no law firm can eradicate the risks completely – so backup insurance is essential with the risks clearly increasing here.  To give you a feel for the kind of cover available from reputable and reliable insurers, speak with a broker who has taken the time to understand Cyber insurance – such as Reich Insurance – who can review your needs and advise you on the best solutions available.

Reich Insurance, Cyber risksA policy can be sourced to provide:

  1. 24 hour incident number available 24/7.  Essential as it is critical to act quickly.
  2. A specialist IT forensics expert within 1 hour.
  3. Diagnosis of the issue, fixing it and getting the business back on track.
  4. Covering the costs of a) notification, b) data restoration, c) cyber business disruption and d) cyber extortion, all of which are real and potentially substantial costs in this situation.
  5. Help with public relations and specialist legal advice.

For more information about this and other relevant insurance policies, contact Reich on 0161 830 5491.

To discuss what steps you should be taking now to reduce the risks of cyber breaches and build cyber resilience into your practice, contact NIgel Stott at Inpractice UK on 0161 929 8355 or fmanning@inpractice.co.uk

DOWNLOAD: New Internet Newsletter for Lawyers

Blended LearningThe latest issue of the Internet Newsletter for Lawyers is now published here >>

In this issue

  • Developing People – Allan Carton of Inpractice UK explains how firms can introduce more effective training using e-learning tools and blended learning
  • Marketing – Susan Hallam of Hallam Internet tells us about the recent changes to Google AdWords results
  • Workplace – Chris Bryden and Michael Salter analyse the “snoopers’ charter” regarding employee communications
  • ODR – Graham Ross of Modria alerts us to the new ADR regulations being ignored by online retailers
  • Office applications – Alex Heshmaty of Legal Words explains how Google Apps for Work can benefit office productivity
  • Legal practice – Delia Venables considers the emergence of the new breed of “dispersed” law firms
  • Social media – Nick Holmes walks us through how Twitter works

Access the Newsletter online


Need CPD? – Details of the new Internet for Lawyers CPD 2016 competence courses are now online.

Significant Changes in the Legal Market coming through.

MergerThe stats quoted in this article from the SRA – where they express their concern about the risks involved as firms go through the transition (which we can help you to minimise and address) demonstrate the impact of commercial and regulatory changes that are re-shaping your market and your competition:

  • The proportion of firms remaining as sole practitioners in 2013 was 29%, down from 41% in 2006.  That’s a big change from a position that has actually remained fairly static until the last 12 months.
  • The top-10 conveyancing firms increased from 5.3% to 10.3% between 2010 and 2012, which is highly significant now that the property market has taken off again; but well organised more widely based practices, with good people management, processes, sales and client relationship skills are doing well now, as there’s (sometimes more than) enough work around.  The challenge is to get these components of the business right.
  • 42% of the top-50 firms considering a merger to be very or fairly likely by 2016.

The Article:  Merger rush presents new risks, say SRA

Are you doing enough to make the most of the opportunities here?  And can we help?

Allan Carton

NEW PUBLICATION: Targeting Profitability: Strategies to Improve Law Firm Performance

Targeting ProfitabilityI wrote a chapter for this book, published recently by Ark Group in association with Managing Partner.

The book comprises 110 pages of condensed content and brings together the views of 14 respected experts in law firm profitability from the the UK and US outlining specific areas within a law firm that can be targeted to introduce improvements, adapt processes and training – to generate an increase in profitability.  The other contributors are Tony Williams, Toby Brown, Robin Dicks, Susan Saltonstall Duncan, Steve Gale, Phil Gott, Brian Helweg-Larsen, Partrick McKenna, Simon Nash, Michael Roch, Joel A. Rose, Richard Tromans and Ori Weiner.

My section “Shifting the IT Focus to Developing Integrated Business Solutions” reinforces a lot of what we are doing with law firms at the minute to help firms address strategic issues where effective use of IT is part of the solution.  So there is commentary here to explain the rationale and give some tips on how to ensure the success of initiatives that are critical to most law firms now to ensure the business is sustainable and profitable.  Initiatives relate to:

  • Management of the new role of the in-house IT team
  • Management reporting, KPI’s and effective performance management
  • Client relationship management (CRM) systems and ethos
  • Proactive Performance management (again) and HR systems
  • Introduction of “lean” business processes
  • Adoption of technology on risk management and compliance; and,
  • Adoption of managed and hosted IT services

DOWNLOAD – Free Exec Summary & Sample Chapter and Buy The Book Here >>

Allan Carton

Use the pressures of regulation to improve service

On 6 October 2010 the professional rules of the Solicitors Regulation Authority (SRA) were amended to oblige those regulated by the SRA to draw attention to or “signpost” the existence of a new destination for clients’ complaints about their solicitor.  It is hardly surprising that with “signposts” in terms of business, on bills and firm’s web sites clients should follow the signs and began to complain, some 35,000 in the first year alone. 

LeO eventually resolved to publish the names of those law firms which had been the subject of a decision by LeO since April 2012.  The first publication occurred on 17 September 2012 and comprises the names of 772 law firms.  There were some 992 decisions, of which 490 (53%) did not lead to a remedy being ordered.  Of the 47% which led to a decision the average award was in the band £299-£499.

Name and shame provides those running law firms with a challenge and an opportunity.  Whilst the statistics show that, for the most part, law firms provide an excellent service that hard earned reputation may be threatened by publication.  The commercial implications of publication should spur managers to create a focus throughout their firms on avoiding complaints which emphasises the importance of treating clients with respect.  Even in the best run law firms things do occasionally go wrong and in those cases fee earners need to strive for outcomes which leave no bitter taste and therefore less likely to lead to referral to LeO and the dreaded publication. 

Competing with businesses like the Co-Op with a primary focus on the customer experience ensuring their clients are not just satisfied but delighted to have been a client.  Law firms must adopt a similar approach and encourage that in all staff at all levels.  Publication of complaints should change the focus on complaints handling from reactionary catch up to embedding a pro-active consumer positive attitude in all fee earners.   If firms do not change they are likely to find the market has left them behind.

Tony Guise

TONY N GUISE is a solicitor and director of GUISE Solicitors Limited – a law firm specialising in advising solicitors about all aspects of compliance and regulatory investigation.

COLP and COFA Suitability Challenges

We are now receiving instructions arising from the COLP/COFA suitability process following the dispatch of letters by the SRA to affected individuals over the last few weeks.  If anyone is struggling with this please contact us as we have plenty of experience with both the former and the present Suitability Test.  We will address the nuances of this in the COLP/COFA context in a briefing paper coming out later this month.

SRA Update on COLP & COFA Timetable

From the SRA’s May update …

You can nominate your COLPs and COFAS from 31 May until 31 July 2012.  Expect an email before the end of May from the SRA to your firms’ authorised signatory with a link to the web-based nomination form so you need to make sure they know who that should be. As the result of another deferral by the SRA in May, the date for the SRA to give approval to nominations is now 1 January 2013 when COLPs and COFAs must start fulfilling their duties – which applies to existing law firms, including sole practitioners.

Some useful guidance and more information here

Lexcel is a great way to get your house in order to ensure compliance – so if you are thinking about going down this route, have chat with Mike Jackson who has taken many firms through the process very cost-effectively since the standard was first introduced.

Contact Mike direct on  07802 281 599 or at mjackson@inpractice.co.uk

Or complete this form and Mike will contact you.