Carphone Warehouse are the latest corporate victim of cyber crime.  A cyber-attack via one of the companies websites enabled hackers to access personal details of over 2 million customers, including encrypted credit card details of around 90,000 people.  The company is already facing the fallout from angry customers critical of their handling of the incident.

Data security breaches in smaller firms are more prevalent.  According to PWC's Information Security Breaches Survey (¹⁾, 76% of small businesses admitted to a security breach in the last year (20% losing confidential data).

Do you need cyber insurance?

Inadvertent data breaches caused by human error remains the biggest risk for your data security.  But this isn't a cause for complacency:  cyber crime costs SME businesses in the UK around £800m a year – and the threats are only increasing.

So the question remains, for many law firms:  do we really need a cyber policy?

If you can answer yes to the following questions then you are likely to benefit from a cyber policy.

1. Do you hold personal or confidential client data? Email addresses and telephone numbers are a saleable commodity.
2. Do you transact on-line with customer or business partners (submitting stamp duty land tax applications for example)?
3. Do you use off-site 'cloud' software solutions in your business (many email systems, document management and other legal software solutions are 'in the cloud')?
4. Would you need professional support in the event of a major data-security breach? (many firms rely on specialist consultants to manage reputational damage and get the business back up and running securely after a major security breach).

Law firms hold sensitive, personal and confidential information, and routinely handles substantial  sums of money. This makes you attractive to the cyber criminal looking for an easy target.

Perhaps you 'don't do business online', or are 'not a high profile multinational with high net worth clients'.  That doesn't matter to cyber criminals.

Even if you don't transact online (and do you really not submit stamp duty land tax applications online, or use online banking?) you probably use email, and you may even use off-site 'virtual' computer systems to store data.  Many people use cloud services without even realising it for example  Hotmail, yahoo mail and g-mail; smart-phone apps; drop-box; along with various proprietary legal software solutions.

Key benefits of a cyber policy

Cyber insurance policies include cover for both third party and first party losses.  Cyber policies arranged through Lockton will provide you with rapid access to trusted experts in cyber crime recovery – helping you get back up and running quickly with least reputational damage.

Security Liability:  provides cover to pay costs arising from a breach of duty to protect confidential information, in both electronic or non-electronic form.

This includes the failure to protect against anticipated security threats, including the failure to protect against unauthorised access to or physical theft of hardware or firmware, or any liability associated with the transmission of computer viruses.

Privacy Liability:  provides cover to pay costs arising from violations of privacy laws and regulations whether relating to clients, third parties or staff.

Privacy Regulatory Defence and Civil Penalties cover:  may include compensation awarded by the regulator, civil penalties or fines, to the extent insurable by law.   This may arise from a breach of privacy caused by the insured or the outsourced providers of the insured.

Security Event Costs: reimburses costs for:

• notifications to clients regarding the breach
• legal experts (to determine the applicability of any local or international laws and regulations and the insured's obligations under such laws and regulations);
• computer forensic experts (who will investigate both the cause and extent of the breach);
• credit protection services for affected individuals; and
• crisis management teams (such as public relations managers or call centres to deal with the reputational impact of a breach and handling enquiries from concerned individuals).

More than Insurance

Insurance is only part of the story.  Protecting your data and your clients' data starts with risk awareness within the firm, and robust processes and procedures.

Our upcoming webinar on Information Security and Fraud should form part of your awareness training for staff.

You can also attend the Law Society's Finance & Business Conference, to be held in November, which this year has a particular focus on cyber risks and cloud computing solutions.

To discuss your information security and cyber risks in more detail, contact us to speak to one of our specialist team.

¹ http://www.pwc.co.uk/en_UK/uk/assets/pdf/olpapp/uk-information-security-breaches-survey-executive-summary.pdf