Imagine you have a client on a high profile case who finds out in the morning that he is scheduled to take the stand that he has been misled in the press. Do you have a cybercrime protection plan?
What is doxing?
In case you don’t know, doxxing refers to the public disclosure of people’s personal information (home address and phone numbers) as well as private data about their lives (including past affairs, inclinations, opinions politically incorrect, shady deals, and worse, you know, the standard political strategies of our current society) to foment community outrage, induce loss of credibility, or even provoke mob violence.
Doxing your client in this hypothetical case negatively impacts your case and influences fact finders to rule against your client.
Now imagine that, later on, your justifiably angry client hires forensic experts to find out how the doxing was facilitated, and of course, the evidence points to you.
More specifically, it points to a breach of your law firm’s computer system. And that means you’re in trouble. Big problem.
Cyber crime on the rise
Your ethical and legal duty as a lawyer is to safeguard confidential client data collected and stored on your computers. That, however, is becoming increasingly difficult to do: according to a report in May Fitch Ratings analysts, the incidence of data theft and related cybercrimes have increased in recent years.
Do you want details? According to Fitch, cybercrime claims have increased 100% since 2018; In 2021 alone, insurers paid out 8,100 cybercrime-related claims, and that’s not counting everyone still making their way through the adjustment pipeline.
Still, you may be tempted to think that with numbers like these, your risk of falling victim to cyberattacks is low.
I am here to disabuse you of that idea.
How can you increase protection against cybercrime?
The fact is, and it’s corroborated by Fitch’s trend watchers, that cybercriminals are becoming more sophisticated and determined. Therefore, the chances of one day cracking your system are not negligible. Increasingly, it is a question of when not if.
Get cyber insurance
All of which leads to the big point I want to make. Malpractice insurance and general liability insurance cannot protect you from the full consequences of a cyber theft that harms your customers.
Time and time again, I have seen companies make the mistake of believing that they are adequately covered against data breaches and the like by their existing general liability and negligence policies, only to discover after a cyber theft that they are partially or fully unprotected.
This is why I recommend law firms develop a multi-layered approach to defending against these types of incidents. The layers are made up of various cyber insurance, strategies, tactics, and products to deter bad guys.
I mean things like endpoint detection, dark web monitoring, two-factor authentication, multiple backups, disaster recovery planssuper secure passwords, always locking your system every time you leave your desk and much more.
However, one layer of this multi-layered approach must be a quality, comprehensive cyber insurance policy.
A cyber insurance policy is coverage specifically designed to protect your business in the event of theft or loss of sensitive customer data and work products.
Some insurers write policies that cover cybercrime, while others do not. Such policies represent less than 1 percent of the total market.
However, the best cyber insurance companies do more than just give you a policy. They also help you identify the strengths and weaknesses of your current approaches to protecting data, and then work with you to improve security.
What to look for in a cyber policy
When looking for a cyber insurance provider, the first thing to do is determine if the candidate really understands the nuanced coverage requirements of a law firm like yours.
Then make sure the insurance company you’re considering covers the right things. In the case of a law firm, the right things include mitigating losses from data breaches, business interruptions, and network damage.
It also includes coverage for costs associated with notifying customers and others affected by a cybercrime incident, as well as the costs of performing credit monitoring, paying civil damages, hiring computer forensics experts, and repairing damage to the reputation.
Also, take a look at the candidate’s customer support offering. Ideally, it should be available 24 hours a day (since cybercriminals don’t typically break in at 9am and then shut down at 5pm, Monday through Friday).
Lastly, compare the price of premiums. As a lifelong student of the school of smart consumerism, you already know that the goal here is to find the insurer that offers the best coverage at the lowest cost.
(As a cyber security consultant and provider, I have evaluated on behalf of my clients many companies that offer cyber insurance coverage. I would have to say that the only provider that meets all the requirements I mentioned above is Embroker. Our clients receive 10% of discount on your premiums when you use Embroker for your cyber insurance. Read more about that on our cyber insurance page..)
Because you are a lawyer, you have an obligation to protect client information. If your law firm relies on the Internet, wireless connections, mobile devices, laptops, or any technology, you are vulnerable—and increasingly so—to potentially costly cyber exposure.
So now is the time to get cyber insurance, before you get hacked, stolen, vandalized, or held hostage by ransomware.
