‘Legal Aid Agency cyber-attack: lawyers bogged down by unpaid admin work’ This is the title of an article published, week commencing 21st July in the Law Gazette
Unless you have purchased a cyber policy it is almost inevitable that you are on your own with any losses arising from attacks, hacking, phishing and other IT outages. With so many law firms now relying on systems, here is what to worry about;
Cover | |
Fee earner accidentally mails personal information to incorrect recipient | No |
Data breach requiring notification to the DPO and regulatory defence | No |
Cloud service provider outage – firm cannot process (they do happen) | No |
Loss of client money | Yes – PI covers |
Financial losses of affected clients following data leak | No |
IT systems outage due to attack affecting income/inability to operate | No |
Cost of repairing systems damaged by an attack | No |
Identity theft losses | No |
Reputational damage losses | No |
The SRA requires firms to carry a policy on risk which addresses things such as these, and if you don’t purchase coverage they should by rights be included as risks which are not contained.
Law firms purchase office policies which include a business interruption section based on damage to premises or contents – this is now redundant, and firms should focus on the critical area of securing their IT and data.
With Marks and Spencer and Co Op being the most high profile recent casualties, CTS and large law firms have also featured. Cyber policy premiums are cheap by comparison with firms PI protection, but some policies exclude pre existing viruses, so the protection may not operate. It is possible to purchase cover without this exclusion however. If your broker has not explained these gaps in your cover, we can arrange for this to take place.
Contact QPI ltd t/a Quality PI for a review.
Read the full Law Gazette Article here: Legal Aid Agency cyber-attack: lawyers bogged down by unpaid admin work