Essentially, cyber risk means any risk of financial loss, business disruption or damage to the reputation of a law firm from some form of failure of information technology systems.
Law firms are targets
Law firms are attractive targets to hackers due to their vast repositories of sensitive data, often containing clients’ most intimate personal and business details. Most law firms do not view themselves as being potential targets and therefore, their IT-security defences are low, making them easy prey for cyber criminals.
Confidential information that may be obtained during a breach of information security can result in the use of that information for fraud, identity theft, extortion against the law firm, and defamation. Sharing of that information over social media sites may result in breach of privacy or provide further access into the law firm’s private records.
Simply being accused of a cyber-breach can negatively impact a law firm and its lawyers both professionally and financially. Losing control of confidential information can quickly undermine a firm’s reputation, destroying clients’ and public trust.
Ignorance can be expensive
Often, firms assume that since cyber liability is a form of theft, they are covered by the theft and criminal activity coverage in their existing policies. Unfortunately, this is not the case and this misunderstanding has left firms responsible for resulting expenses related to cyber liability. These costs can include the management of the incident, the investigation of the cause, legal costs, regulatory fines, third party damages and costs associated with the mandatory notification to affected parties.
What to look for in coverage
Policies vary but should include coverage for expenses incurred as a direct or indirect result of a breach of privacy, including legal and public relations expenses, cyber extortion, and business interruption.