From the White House to Congress and from Wall Street to the mom and pop storefront on Main Street, the issue of cybersecurity is one that is here and here to stay. Hacking computers is no longer a “cottage industry” or something done by lone disgruntled individuals or teenagers in their parents’ basement. This is now a criminal endeavor that is highly organized and getting more sophisticated each week. An article (Cyber Situations) in the magazine Best’s Review (April 2013) points out, the new breed of cyber criminals does not discriminate between large and small companies. As long as you have personally identifiable information in your database, whether internal server or cloud based, that information is at risk.
Obviously the best defense is a good offense as the saying goes, including ongoing staff training in the ever evolving cyber threats law firms or other businesses face. There is no easy solution, but a diligent IT department and well-informed C-suite and senior and risk management staff can certainly facilitate the research and deployment of prudent firm data security policies and procedures. But what if a breach does occur?
Cyber liability insurance, while relatively new to the law firm market, is emerging as an important component of a firm’s overall liability coverage. Client data, including social security numbers, credit card and other financial accounts, notes from attorney-client conversations, business transactions, etc., is enticing information that can be sold to illegitimate parties looking to make a quick profit or to exploit persons or businesses. Even the process of completing a law firm cyber insurance application can be enlightening, pointing out potential data security holes in a firm’s database, website, or portable devices such as smartphones, notebooks, and laptops used on the road or in the courtroom.
For perspective on the vulnerability of law firm data, the 2011 International Legal Technology Association (ILTA) Survey (pdf) indicated that 87% of law firms do not encrypt laptops; 61% have no intrusion detection tools; 64% have no intrusion protection tools; and for firms that purchase iPhones and Androids for employees, 94% don’t bother to track them. Not good for an industry that harbors highly sensitive information.
An online article by Minda Zetlin on Inc.com (5 Reasons You Should Have Cyber Liability Insurance) brings home the argument that cyber liability insurance just isn’t for big businesses; that it totally makes sense for small business owners to get. If you get hacked, if customer or employee data is compromised, being covered may save your bacon and keep your doors opened for business as your general liability policy probably excludes losses because of the Internet, laptops, and mobile devices.
“Big corporations have entire departments devoted to analyzing the risks the company could face and helping set policies and procedures to protect against them. You don’t–but a good insurance carrier can perform a similar function.”
In this age of not if, but when a cyber breach occurs, law firms need to take the issue of cyber security and cyber liability extremely seriously, no matter if you’re a solo in Des Moines or a C-suite partner in Los Angeles.
Note: A component of the ALPS comprehensive Lawyers’ Professional Liability Insurance coverage, ALPS Cyber Response was designed by cyber risk experts specifically for attorneys and is available with an ALPS LPLI policy on an opt-out basis.
Kiffin Hope is a freelance digital marketing and social media strategist. He blogs on all things cyber, tech, and emerging trends in digital.