The short answer is yes. The common thought most law firms have is, “I’m too small a fish to worry about being hacked . . . there are bigger fish to fry.” The truth of the matter is size doesn’t matter. Large fish might garner the specific attention of the hacking industry (yes, it is an industry) but most hacking is random or is the result of a mistake made by any one of us individually. What kind of mistake? Answering a phishing email. Clicking on the wrong link. Opening an email from someone we know whose computer has been hacked. Regardless of how it might happen, understand that it happens and you are not too small to be the unfortunate one.
What are the ramifications? Each state has data breach notification requirements that you must follow to not just minimize the fallout but also to notify those whose information may have been compromised. The cost in both time and dollars to comply with the regulations regarding the breach are considerable regardless of whether or not anyone actually suffers a harm.
Hackers are interested in the information you have about your clients. Studies reflect that law firms in general have major data security inadequacies. It is expensive to employ security sufficient to deter hackers should they find a path to your computer system. Nonetheless, you could very well be held responsible should a breach occur regardless of the cost of that security on the front end. If you do not have the financial wherewithal to address the breach after it occurs, you have double the trouble. While being able to afford security on the front end may be prohibitively expensive, that fact makes the affordability for cyber insurance much more palatable to deal with the problem. In this day and age, you cannot afford not to have cyber insurance in place. One additional consideration, generally speaking, is that your lawyers’ professional liability policy will not cover a breach. ALPS offers a cyber security policy to our lawyers’ malpractice insurance policyholders at a low, per-attorney rate without a separate application. This policy was designed specifically for law firms in partnership with Beazley Insurance, a leader in cyber security protection.