It’s important to know what cyber liability insurance covers and what will happen to your premiums if you report a breach.
Law firms depend on technology and the internet. This dependency creates a business risk not covered in standard business owners insurance policies and only partially covered in professional liability policies. Inadvertent disclosure of the PII law firms gather and transmit creates the possibility of identity theft.
What additional coverage beyond a business owners policy or a legal professional liability policy would help?
Joe McCarthy, vice president of claims and underwriting at Wisconsin Lawyers Mutual Insurance Co. (WILMIC), says the type of policy WILMIC now offers includes three types of coverages:
- Breach notice coverage, which provides coverage for costs incurred by a lawyer or law firm to comply with Wisconsin’s privacy-breach-notice law, as well as notice-fulfillment services and credit and fraud monitoring for clients whose confidential information has been lost or stolen;
- Privacy liability coverage, which covers third-party liability for loss of personally identifiable information; and
- Security breach liability coverage, which covers third-party liability and damages from computer security breaches such as virus and hacker attacks that have been transmitted to a third party from a law firm computer.
Ransomware coverage is expected to be added to cyber policies in the future, including the policy WILMIC offers. Ransomware emails are increasingly becoming a security risk, especially for law firms. Ransomware coverage provides assistance by a consultant to attempt to free a law firm computer system, if possible, of ransomware and restore system functionality. If that is not possible, the coverage provides expertise to restore the system to functionality from the latest backup, if one is available.
McCarthy says that at the very least, lawyers should make sure they know what’s at risk. “If our policyholders and all Wisconsin lawyers are better educated about how to prevent security breaches, this risk can be better managed.”
Some cyber liability carriers also offer media, extortion, and business-interruption coverage.
If you think you have a security breach and want to make a claim, the claims process begins as if the lawyer were calling a 1-800 help line. Under the policy offered through WILMIC, the insurer and its vendors do the rest. As McCarthy notes, “As a lawyer, you do not want to handle a breach without expert help.”
The insurance carrier takes the initial crisis call and documents the nature of the event. Then, the insurance provider’s staff of experts walks the lawyer through the claims-handling process and what he or she should do to assist. The insurance provider also offers an on-call hotline service for victim crisis management, personalized and dedicated case management for the duration of the resolution process, certified privacy and fraud experts, custom training, education and marketing services, forensic services, notification mailing, and credit and fraud monitoring.
A third-party claim would be handled by a lawyer with extensive cyber breach experience.
Finally, the policy also provides an online training module. This can be especially helpful for solo practitioners, who may not have the budget for IT staff.