With news of crippling cyberattacks against big companies making regular headlines, more and more law firms are buying cyber insurance to cover the cost of a data breach.
According to insurance brokerage Aon, more than 60 out of the 250 medium and large law firms that it services have purchased cyber insurance within the last two years. Marsh said that close to 40 percent of its roughly 100 large law firm clients have purchased the insurance, up from 20 percent two years ago.
Insurance professionals say the uptick is driven by an increased awareness of the threat of a data breach or hack, as well as a realization that existing law firm insurance policies don’t cover all the costs that could result from such an attack.
“A lot of firms were under the impression that professional liability would pick up almost anything. This is not the case,” said Tom Ricketts, a senior vice president and executive director at Aon. “This has been one of the major debates that we’ve had with law firms over the last two years.”
The policies that law firms typically carry, such as lawyers’ professional liability insurance, general liability insurance and property insurance, do not always provide coverage when employee rather than client data is compromised, or when the firm must hire a forensic team to determine what data was lost and how. They also most likely won’t cover the cost of notifying regulators or engaging a public relations firm.
Cybersecurity insurance policies are designed to cover those costs. This type of policy has been around since the late 1990s, but previously it was mostly purchased by banks and retail companies.
“For law firms, that awareness of it has hit a tipping point,” said Greg Vernaci, a senior vice president and head of cyber at AIG. “That’s why they’re buying more and more of this.”
Without getting into specifics, Vernaci said the rate at which law firms are buying cyber policies goes up every year.
Daniel Garrie, co-head of the cybersecurity practice at Zeichner Ellman & Krause, identified another factor that is pushing firms to buy cyber insurance. “Their clients are compelling the action,” Garrie said. “They’re requiring the law firms to have cyber insurance as a matter of business.”
Insurance professionals said that cyber policies are complicated and vary dramatically as insurers seek to differentiate themselves from their competition. They also change regularly as the threats evolve.
“2016 is the year of ransomware and cyberextortion,” Vernaci said, referring to a hack in which cybercriminals freeze a company’s online systems and demand payment to unfreeze them. In a recent example, the Los Angeles County Department of Health Services lost control of its computers in a ransomware attack, the Los Angeles Times reported. The county did not pay the ransom demanded.
Vernaci said he has seen a large law firm subject to this type of attack recently, though he declined to name the firm. He emphasized that many industries are being targeted, not just law firms or health care providers.
Just as policies vary dramatically, so do their prices, Ricketts said. But he offered what he called “a very, very loose rule of thumb”: A policy should cost $10,000 to $15,000 for each $1 million of limit.
In other worlds, a firm can expect to pay between $20,000 and $30,000 per year for a cyber policy that will cover up to $2 million in expenses.
Read full article
Thursday, March 31, 2016
Monday, March 14, 2016
How should an attorney should handle a mistake.
Although there are steps that attorneys can take to reduce the likelihood of making an error, mistakes still happen in the course of an attorney-client relationship.
Involve the legal malpractice insurance company.
Many attorneys believe that it is better to wait for the claim (typically defined as a "written demand for money or damages") or a lawsuit before involving their legal malpractice insurer. In reality, the risks of waiting far exceed any perceived advantages.
Yes, most legal malpractice policies are "claims made" or "claims made and reported" policies. This means that the policy covers claims against lawyers that are made (and if required, reported to the insurance company) during the policy period. The important date is when the claim is made. This is the latest time when a claim must be reported to the insurance company.
On the other hand, most policies also permit a potential claim to be reported as soon as the lawyer learns about any basis upon which a claim could be made, including a simple mistake. In legal malpractice nomenclature, such a report is called a "notice of a circumstance." By giving notice of a circumstance, a lawyer assures coverage in the event a subsequent claim results, regardless of when the claim is finally made or the lawsuit is filed.
Also, by giving the notice of circumstance, attorneys can avoid some tricky issues in the renewal process for their malpractice insurance. Many applications ask if any attorney applying for insurance is aware of a circumstance that might give rise to a claim. Attorneys who have not already reported the circumstance then face the obligation to do so in response the question. The failure to report a potential claim in an application for coverage or renewal can put coverage for the entire firm at risk.
Once the malpractice insurer is involved, the better approach is to provide the client with the contact information for the professional liability insurance carrier. Basically, get out of the middle.
Involve the legal malpractice insurance company.
Many attorneys believe that it is better to wait for the claim (typically defined as a "written demand for money or damages") or a lawsuit before involving their legal malpractice insurer. In reality, the risks of waiting far exceed any perceived advantages.
Yes, most legal malpractice policies are "claims made" or "claims made and reported" policies. This means that the policy covers claims against lawyers that are made (and if required, reported to the insurance company) during the policy period. The important date is when the claim is made. This is the latest time when a claim must be reported to the insurance company.
On the other hand, most policies also permit a potential claim to be reported as soon as the lawyer learns about any basis upon which a claim could be made, including a simple mistake. In legal malpractice nomenclature, such a report is called a "notice of a circumstance." By giving notice of a circumstance, a lawyer assures coverage in the event a subsequent claim results, regardless of when the claim is finally made or the lawsuit is filed.
Also, by giving the notice of circumstance, attorneys can avoid some tricky issues in the renewal process for their malpractice insurance. Many applications ask if any attorney applying for insurance is aware of a circumstance that might give rise to a claim. Attorneys who have not already reported the circumstance then face the obligation to do so in response the question. The failure to report a potential claim in an application for coverage or renewal can put coverage for the entire firm at risk.
Once the malpractice insurer is involved, the better approach is to provide the client with the contact information for the professional liability insurance carrier. Basically, get out of the middle.
Subscribe to:
Posts (Atom)