Skip to the main content.
What Size Law Firm Are You?

We've crafted solutions tailored to your firm

Insurance Glossary

The world of insurance for law firms can be confusing, and difficult to navigate. We've created this glossary because these common insurance terms should be easy to understand.

← Blog Home

We Don’t Keep Client Personal Info, So We Don’t Need Cyber Coverage, Right? Wrong!

2 min read

We Don’t Keep Client Personal Info, So We Don’t Need Cyber Coverage, Right? Wrong!

Lawyers often share with us that, as they see it, they really don’t need a cyber liability policy.  They seem to base this conclusion on the fact that they believe they are not subject to the HIPPA regulations or their state’s breach notification laws and/or that they intentionally don’t store much in the way of personally identifiable information about their clients.  The interesting question is, are these lawyers correct in their thinking?  One could make that argument if viewing the theft of personally identifiable information of your clients as the only cyber risk worth insuring against.

Sandwich board with Now Open! sign stating ALPS now offers comprehensive law firm protection with business insurance

The problem with that line of thinking is that it ignores all the other cyber risks, several of which, at least in my mind, are every bit as concerning as the theft of personally identifiable information of clients.  Consider this. Firms routinely have insurance in place to cover losses due to a fire, flood, or another catastrophic event because they know that after such events their ability to provide the legal services they agreed to provide are going to be greatly impaired.  A ransomware or wiperware attack can be every bit as severe and potentially even worse.  As a reminder, and at a minimum, ransomware encrypts your data and wiperware permanently destroys your data. Certain types of cybercrimes fit the catastrophic loss category. Failing to understand that,  and thus deciding to go bare on this type of risk is a major insurance coverage misstep if you ask me.

Of course, cyber criminals have also been quite successful in stealing money from law firms of all shapes and sizes, including a number of solo firms.  There are a variety of attack vectors in play and the methods cybercriminals use can be quite sophisticated.  Here again, the potential loss just from wire fraud could be devastating.

While Ransomware, wiperware, and theft of funds are risks that in and of themselves justify serious consideration of cyber liability coverage, I’d like to share one other concern.  While some firms don’t keep much in the way of personally identifiable information of their clients, they usually still maintain some; and some isn’t the same as none.  And what about all the personally identifiable information of everyone who works at a firm, including your own?  Your obligation to protect personally identifiable information isn’t limited to just clients.

Cyber liability insurance isn’t just about insuring against the theft of personally identifiable information of clients.  That’s only one of the many cyber risks all lawyers face.  So, if something I’ve shared above motivates you to take a second look at cyber liability coverage, that’s a good thing.  Just be aware that cyber liability polices differ widely in terms of the coverage they offer.  You’re going to need to devote a little time to look for coverage that appropriately addresses the cyber risks that concern you the most.

printfriendly-pdf-button-nobg-md-Nov-01-2022-08-44-54-4335-PM

 

Since 1998, Mark Bassingthwaighte, Esq. has been a Risk Manager with ALPS, an attorney’s professional liability insurance carrier. In his tenure with the company, Mr. Bassingthwaighte has conducted over 1200 law firm risk management assessment visits, presented over 600 continuing legal education seminars throughout the United States, and written extensively on risk management, ethics, and technology. Mr. Bassingthwaighte is a member of the State Bar of Montana as well as the American Bar Association where he currently sits on the ABA Center for Professional Responsibility’s Conference Planning Committee. He received his J.D. from Drake University Law School.

How To Start Drafting an Electronic Document Retention Policy

3 min read

How To Start Drafting an Electronic Document Retention Policy

I suspect more than a few law firms, particularly in the solo/small firm space, have yet to take the necessary time to draft and write up a...

Read More
Do Lawyers Need to Be Concerned About Deepfakes?

3 min read

Do Lawyers Need to Be Concerned About Deepfakes?

The short answer is yes, everyone does; but the reason lawyers need to be concerned requires a longer explanation. What is a deepfake? The word...

Read More
Why Effective Client Communication Is all About Details and Documentation

6 min read

Why Effective Client Communication Is all About Details and Documentation

ABA MRPC Rule 1.4 Communication seems clear on its face. Attorneys are to keep clients reasonably informed about the status of their matters as well...

Read More