With the rise of cyber-crime one of the growing mitigating factors has been that of cyber insurance. Cyber insurance is an insurance product that covers the policy holder against internet related risks and information technology infrastructure risks. As a mitigation strategy it must be seen as part of a firm’s overall cyber security strategy. However many firms are not even taking the first step in relation to cyber-attack mitigation as they fail to consider the appropriateness of cyber insurance for their practice.

You’re hacked: the need to have a cyber breach mitigation strategy

Lawyers who are victims of cyber-crime can rightly feel that they could be held to have failed to take reasonable steps when it comes to protecting firm and client information. As a consequence this leads to some lawyers thinking that if they did become victim to a cyber-attack they would just not tell anyone. This however is a head-in-the-sand approach to the problem. Law practices should be able to have full and frank conversations with their insurers in the aftermath of a cyber breach so they can implement their predetermined mitigation strategy that is both strategic and appropriate.

Consider the cyber insurance that is right for you

In many cases cyber insurance products are new and evolving. Both consumers and insurers are still finding their way in this domain and as such caution needs to be taken when considering the type of protection that is right for your practice. As cyber-crimes take on many forms there is a need for policy holders to be aware of what they require from their insurance coverage. Assistance could be required in relation to:

• Direct losses occasioning from a cyber-attack.
• Indirect losses due to interruption to critical systems and services.
• Any post-attack expenditure such as hiring computer forensic experts, credit-monitoring services and communication managers.

Lawyers also should be aware that their current insurance polies may not cover them when it comes to cyber-attacks. In many policies there are specific carve out clauses in relation to cyber incidents. Lawyers need to make themselves aware of the issues that their practice face in relation to cyber-attacks so that the right policy can be obtained. If the lawyer is unsure about any of the issues then they should consult with technology and insurance professionals, as well as their insurance broker, so that an informed decision can be made.

Cyber-crime is a current and growing threat. Thinking you will fall between the cracks will not cut it anymore. Lawyers are attractive targets to the sophisticated cyber criminals. Appropriate cyber insurance is an essential part of any cyber-crime mitigation strategy

Take home messages

• Lawyers need to get their cyber security strategies ready now. Cyber breach mitigation is part of an overall cyber strategy.
• Review all your current insurance policies and find the gaps in your coverage. If you are not sure about any issue, ask for help.
• Do not make the ‘post-cyber-attack time’ the first time you look into cyber insurance. Do it now.