Why cyber insurance is critical for legal organizations
Maintaining trust and security is a major concern for most professional service organizations and is especially true for those in the legal industry. Many legal organizations prioritize data privacy and cybersecurity to help avoid costly breaches and incidents that could damage their reputation or way of doing business.
Legal organizations operate based on competency, trust, and confidentiality. As part of the duty of competent representation, lawyers are ethically bound to become and remain technologically competent, which includes keeping up with changes in technology or data protection laws that may affect their practices. Legal organizations are also bound to protect client privilege and confidentiality. A breach or security incident that is handled improperly can have major implications that go beyond direct expenses and cross into cyber liability and in some cases professional liability territory, underscoring the importance of strong security controls and cyber insurance.
How bad could one small security incident be?
$113,000
Average cost of a cyber claim for legal organizations
53%
Percentage of cyber attacks originating from email inbox
$183,000
Average ransomware loss for legal businesses
Unique exposures for legal companies
How essential technologies can create cyber risk
Client portals
These platforms enable lawyers to securely share documents, messages, and invoices with clients. Unauthorized access of a client portal could compromise sensitive information and lead to additional cyber events.
Customer relationship management (CRM) systems
CRM systems are used to support business development activities. Containing client data and confidential corporate information, CRM systems could be compromised and leveraged for malicious purposes, resulting in a data breach.
Document management systems
These software platforms are used to store and handle a large volume of shared files. However, a compromise could expose sensitive data and cause serious disruptions due to the volume and potentially sensitive nature of the information in these systems.
eDiscovery tools
These tools can save time and effort when reviewing large volumes of information, but the potentially sensitive nature of the data means unauthorized access could have data privacy and business interruption implications.
Business email compromise (BEC) is a frequent cause of cyber insurance claims for legal organizations, which can trigger data breaches, business interruption and even reputational damage.
Law practice management software
These systems are used to manage operations, such as scheduling, billing, and payments. A breach could cause serious disruption and expose payment information, corporate confidential data, and client data.
How sensitive data can increase business liability
Corporate confidential data
Corporate law firms may have access to internal operations data, intellectual property, or trade secrets. Mishandling or leaking corporate confidential data can cause significant damage to the data owner.
Financial data
Collecting and processing financial information requires adherence to industry standards. Mishandling or unauthorized disclosure of financial data can cause direct harm to clients and even trigger industry and regulatory investigations.
Personally identifiable information (PII)
PII is any data that can potentially identify a specific person. PII can be used to launch cyber attacks or gain access to networks to initiate attacks. Organizations that mishandle PII or fail to respond to a data breach appropriately can be subject to fines, penalties, and other financial damages.
Protected health information (PHI)
Many law firms collect or access PHI, and some operate as HIPAA business associates, which means they carry additional data protection and reporting requirements if an actual or suspected data breach occurs.
For more insights, download our complete guide:
Business impacts for legal companies
What to expect after a cyber incident
Direct costs to respond
Responding to a cyber event typically requires numerous direct costs, also known as first-party expenses. If a legal organization experiences BEC and sensitive data is involved, it can trigger a need for additional legal counsel, forensic investigation, victim remediation, and notification. Simple investigations can cost tens of thousands of dollars, while more complex matters can increase costs exponentially.
Liability to others
The evolving data privacy landscape can be difficult to navigate, and many law firms can face new and unexpected exposures after a cyber event. Even with strong contracts, policies, and best practices in place, a data breach or security failure can trigger liability to third parties and expose an organization to regulatory investigations and legal action from victims.
Business interruption and reputation damage
A cyber event that impacts essential technology can have a significant impact on a legal organization's ability to operate and can be highly visible to clients, customers, and other stakeholders. Every hour of disruption can lead to direct loss of revenue and inhibit a law firm’s ability to support clients, negatively impacting client retention and acquisition.
Cybercrime
Beyond ransomware and data breaches, cyber events can result in financial theft for a law firm or its clients — often without an actual breach. If an attacker dupes someone in the billing department to alter payment instructions, a legal organization can lose tens or hundreds of thousands of dollars almost instantly. Attackers can also gain access to email accounts and send fraudulent invoices or payment instructions to clients, customers, and other third parties.
Recovery and restoration
After a cyber event, resuming operation is no easy task. If an attacker damages or destroys essential technology, data, or physical equipment, a legal organization may need to bring in external support or purchase new equipment to re-secure systems. Full remediation, restoration, and recovery can take a significant amount of time, when possible, and may require purchasing new software, systems, and consultants to rebuild the network.
CYBER INSURANCE BUYER’S GUIDE
Choosing the right cyber coverage for your business
Cyber insurance is an essential aspect of modern risk management, offering coverage for the losses associated with data breaches, cyber extortion, business interruption, and other cyber-related incidents.
Coalition created a Cyber Insurance Buyer's Guide to help businesses navigate the complex cyber insurance market and confidently select the right coverage for their business.
Already a policyholder?
Log in or activate your Coalition Control account, our policyholder risk management platform, to manage your business’s risk profile.
Les produits Coalition sont offerts avec la sécurité financière d’Allianz Group* (cote A.M. Best A+), Arch Specialty Insurance Company (cote A.M. Best A+), Ascot Group** (cote A.M Best A), Fortegra Group (cote A.M. Best A), Lloyd’s of London (cote A.M. Best A+), Vantage Risk Specialty Insurance Company (cote A.M. Best A) et Chaucer Insurance Company DAC (cote A.M. Best A).
