Lawyers need insurance too: cyber liability insurance

By Charles Coffey, The Bar Plan Mutual Insurance Company 

This is the second article of a three-part series from The Bar Plan Mutual Insurance Company. The first part (about legal malpractice insurance) ran Dec. 15 and the third part will run Jan. 12, 2022. In the series, the author will describe the common types of insurance that lawyers and law firms should consider purchasing. The coverages included in this series are by no means an exhaustive list but are intended to provide you with a starting point to determine the coverages that are necessary for you and/or your firm.  

Cyber liability insurance 

Coalition, one of the largest providers of cyber insurance in the United States, reports that cybercrime “is increasing like never before.” The most common claim Coalition sees is business email compromise, with the average claim costing $37,000. Funds transfer fraud was the next most common, with the average amount of funds stolen being $247,000. Ransomware incidents have also increased, with the average ransomware demand being a whopping $1.2 million and the average ransomware claim costing $184,000. 

Most notably, Coalition reports that attacks are becoming increasingly automated, so it’s easier and more profitable for attackers to target medium and small businesses. Claims made against business with under 250 employees increased 57% from the first half of 2020 to 2021, according to Coalition. 

Business and tax consultant firm PBMares has a great summary of the common coverages to look for in a cyber liability policy here. At The Bar Plan, we recommend that you consider the following factors when assessing cyber liability coverage:  

• Does the policy provide full unknown prior acts coverage? 

• Are there separate limits for breach event costs (such as notification to clients) and additional defense costs (such as attorneys’ fees for any suit brought against you)? 

• Is there coverage for data that is stored with third parties? 

• Is the coverage worldwide? 

• Does the policy include proactive breach response costs and voluntary notification? 

• Does the policy cover the cost of providing credit monitoring services, identity theft assistance services, credit or identity repair, and restoration services to affected parties? 

• Does the policy provide system failure coverage, and does it apply to voluntary shutdowns that are necessary to protect your data? 

• Does the policy’s property damage exclusion apply to electronic data (you do not want it to)? 

• Does the coverage apply to breach of corporate information of all types? 

• Does the policy cover acts committed by rogue employees? 

• Does the policy cover privacy claims brought by employees? 

• Is there an extended reporting period on the policy? 

Most cyber liability policies provide first and third-party coverage. First-party coverage protects you from damages incurred by cyber liability events, while third-party coverage protects your clients and others affected by a cyber event. In that regard, consider whether the policy you’re looking to purchase includes the following types of coverage in each category. 

First-party coverage components 

• Breach event and remediation costs 

• Damages to your brand/reputation/image 

• System failure(s) 

• Cyber extortion (ransomware) 

• Cybercrime (fraudulent funds transfer) 

• Complete failure/loss of electronic equipment 

• Property damage loss 

• Payment of a reward for the provision of information 

• Court attendance costs 

• Business Interruption 

Third-party liability coverage components 

• Multimedia liability (copyright, libel, slander, etc.) 

• Security & privacy liability (the failure to protect a customer’s information) 

• Regulatory defense and penalties (fines and defense expenses from regulatory agencies) 

• PCI DSS (Payment card industry data security standard) liability 

• Bodily injury liability 

• Property damage liability 

• A TCPA (Telephone Consumer Protection Act) defense 

The cost of cyber liability insurance has risen dramatically over the past year. However, as demonstrated above, the potential liability is great. There are many cyber liability products in the market, both from traditional insurance companies and new “insurtechs” that leverage technology to write cyber liability policies with the backing of larger, established insurance companies. It is worth talking to a few different entities about cyber liability insurance until you find one that meets your needs. 

The Missouri Bar has assembled scores of resources for members looking to protect a practice. Members can learn more about the insurance options available from Missouri Bar member benefit providers here. The Bar Plan is a proud Missouri Bar member benefit provider and the only endorsed carrier of Professional Liability Insurance for The Missouri Bar.