Hackers and cybercriminals are increasingly targeting law firms because they manage sensitive, personal, and confidential information and legal documents.
According to the American Bar Association’s 2023 Cybersecurity TechReport, 29% of respondents reported that their law firm had experienced a security breach in the past year.
With breaches in such high numbers, and continuing to grow, it’s essential to have cybersecurity measures in place regardless of your law firm’s insurance coverage.
What Is Cyber Insurance?
Cyber insurance is a liability insurance policy that provides both small businesses and large corporations protection from cybercrimes such as cyber extortion and data breaches. A cyber insurance policy should cover:
- Data breaches, such as theft of personal information
- Cyberattacks, such as breaches of your information technology
- Cyberattacks on your data held by a third party
- Terrorist attacks
Additionally, cyber insurance can help offset several costs, including:
- The cost of recovering data and restoring compromised systems
- The cost of any business interruption
- Extortion
- Legal and regulatory defense expenses
What Cyber Insurance Does Not Cover
With both cyber threats and insurance claims continuously rising, getting suitable insurance will continue to become more difficult. Insurers’ requirements are growing, and even when requirements are met, policies are becoming more prescriptive. Insurance companies typically consider several factors when determining the scope and cost of a policy, such as:
- The organization’s history with cyber threats and risks
- Customer demographics
- The technical defenses in place to thwart any cyberattack or data breach
While cyber insurance policy coverage will vary depending on the needs of the law firm, there are several items that a cyber insurance policy will not cover:
- Insufficient security procedures: If a cyberattack results from the law firm’s poor or inadequate security systems or procedures, it will not be covered. Insurers often ask that a cybersecurity assessment be performed before obtaining or renewing coverage.
- Cyberattacks caused by employees or those who have access: If a cyberattack was caused by an employee or someone who was given access to your systems, it will typically not be covered by insurance.
- Pre-existing data breaches or cyberattacks: If the law firm suffered a cyberattack in the past, and the vulnerabilities that enabled that cyberattack still exist, the insurer will not cover the costs related to any new cyberattack or data breach resulting from that vulnerability.
- Technology system improvements: Any improvements that are made to strengthen and improve your technology to make the network less vulnerable to cyberattacks will not be covered.
Don’t Risk It – Invest in Cybersecurity
No matter what type of cyber insurance a law firm carries, there are things that it simply will not cover. Plus, when you file a claim, your cybersecurity technology must meet the insurer’s standards. Typically, this means implementing and maintaining the following:
- Data security protections, such as virus scans and the use of multi-factor authentication (MFA) for remote access
- Business continuity plans, including regularly tested backups and a disaster recovery plan
- Email security, which may mean pre-screening emails and enforcing multi-factor authentication when accessing email
The demands of cybersecurity can feel overwhelming. To maximize defensibility against the stringent requirements of cybersecurity liability insurance, engage a managed service provider like TPx. With comprehensive, end-to-end solutions, a managed service provider will enable a law firm of any size to obtain all essential IT services from a single provider, reducing complexity, saving money, and reducing risk.
Get IT and cybersecurity support specially designed with the challenges of law firms in mind. Get in touch to get started.