Florida Tech University has just released an Info Graphic that underscores the need for all of us to remain diligent in our efforts to keep our home computers, our office computer networks, and our mobile devices secure. Here is a sampling of what was reported. Over 1 million adults become victims of cybercrime every day - that’s a rate of 14 per second. 41% of business that experienced a breach reported that the cost of the breach exceeded $500,000. Finally, laptops and mobile devices are the two types of devices most frequently targeted. Taken together, the information shared in this Info Graphic is alarming. Clearly the necessity of taking actions such as using strong passwords, installing robust security software on all devices, encrypting confidential data, only using secured wireless networks, and keeping current on all critical software patches that are released are more important than ever. The question now becomes are such efforts enough? Unfortunately, no they are not.
In spite of the security precautions many routinely take, computer breaches will continue to occur. Law firms that have taken steps to secure their systems have still become victims of cybercrime. Consider the following. A number of firms have reported that a trusted firm employee (which includes attorneys) either unintentionally downloaded an infected file from the Internet or was tricked into opening an email that carried a malicious payload. Other firms have had problems as a result of the loss, theft, or misuse of a backup hard drive, a laptop, a smart phone, a jump drive, and even a number of computer tablets. The fallout of these kinds of events can truly be significant. As a result of cybercrime firms have already had money stolen from client trust accounts, client confidences lost, and/or found that personal information such as social security numbers and credit card numbers of employees and clients were now in the possession of someone else. Should this ever happen to you, what would the costs be and would your existing insurance cover it? As previously suggested, the costs can be significant and for far too many the answer to the coverage question would be no. Malpractice policies and most general business insurance policies offer little to no coverage for cybercrime loses, thus the coverage gap.
We can consider how the costs might add up by looking at some of the exposures that can arise as a result of being the victim of a cybercrime. There might be the direct losses such as business interruption (your network may not be available for a week or two) and data recovery as well as having to replace any stolen client funds. Then there are the incident management expenses such as the costs associated with the hiring of a forensic team in order to investigate how the breach occurred and to clean up the mess left behind coupled with a potential need to hire a public relations firm. If this weren’t enough, 46 states have breach notification laws in place that one must comply with and compliance can be quite expensive if a significant number of individuals must be notified post breach. The good news is that the risk of incurring such losses can be properly covered by the purchase of cyber liability insurance which is becoming more widely available.
Be aware, however, that the costs for cyber liability insurance can vary greatly based upon desired limits and the specific coverages offered. Relatively speaking, this is a newer insurance product and the pricing and product will continue to evolve and change as the cyber liability marketplace matures. By way of example, a few cyber liability policies will cover the theft of client funds while many others will not. Those that do will cost substantially more. For those policies that don’t, one might consider the addition of a separate crime policy if this type of coverage is desired. In the end, no one will ever be completely risk free when it comes to becoming another cybercrime statistic. The world is simply too wired now. The good news is that with the addition of cyber liability coverage this risk can be appropriately managed.
Mark Bassingthwaighte, Esq. is a Risk Manager with Attorney’s Liability Protection Society, Inc. (ALPS). In his tenure with the company, he has conducted over 1,000 law firm risk management assessment visits, presented numerous continuing legal education seminars throughout the United States, and written extensively on risk management and technology. Mark received his J.D. from Drake University Law School and his undergraduate degree from Gettysburg College. He can be contacted at firstname.lastname@example.org.