Imagine you have a client in a high-profile case who discovers, on the morning he’s scheduled to take the stand, that he has been doxxed in the press. Do you have a cybercrime protection plan?
What Is Doxxing?
On the off chance you don’t know, doxxing refers to the public disclosure of people’s personal information (home address and phone numbers) as well as private facts about their lives (including past imbroglios, proclivities, politically incorrect opinions, shady dealings, and worse—you know, the standard political strategies of our current society) in order to foment community outrage, induce loss of credibility, or even provoke mob violence.
The doxxing of your client in this hypothetical adversely impacts your case and influences the finders of fact to find against your client.
Now imagine that, later, your justifiably angry client hires forensic experts to figure out how the doxxing was facilitated, and—of course!—the evidence points to you.
More specifically, it points to a breach of your law firm’s computer system. And that means you’re in trouble. Major trouble.
Cyber Crimes on the Rise
Your ethical and legal duty as a lawyer is to safeguard confidential client data collected and stored on your computers. That, however, is becoming harder and harder to do: according to a May report from analysts at Fitch Ratings, the incidence of data theft and related cybercrimes has gone up in the last few years.
Want specifics? According to Fitch, claims triggered by cybercrimes are up 100 percent since 2018; in 2021 alone, insurers paid out on 8,100 cybercrime-related claims—and that’s not counting all those still working their way through the adjustment pipeline.
Still, you might be tempted to think that, with numbers like those, your risk of falling prey to cyber attacks is low.
I’m here to disabuse you of that idea.
How Can You Increase Cybercrime Protection?
The fact is—and it’s one substantiated by the trend watchers at Fitch—cybercriminals are increasingly sophisticated and determined. So, the chances of them someday cracking your system are not insignificant. More and more, it’s a question of when, not if.
Get Cyber Insurance
All of which leads to the big point I want to make. Malpractice insurance and general liability insurance cannot protect you from the full consequences of a cyber theft that results in harm to your clients.
Again and again, I’ve seen firms make the mistake of believing they are adequately covered against data breaches and the like by their existing general liability and malpractice policies, only to discover after a cyber heist that they are partly or completely unprotected.
This is why I recommend law firms develop a multilayered approach to defending against these sorts of incidents. The layers are made up of cyber insurance and various strategies, tactics, and products to deter the bad guys.
I’m talking about things like endpoint detection, dark web monitoring, two-factor authentication, multiple backups, disaster recovery plans, super-strong passwords, always locking your system every time you step away from your desk, and much more.
However, one of the layers in this multilayer approach must consist of a quality, comprehensive cyber insurance policy.
A cyber insurance policy is coverage specifically crafted to protect your firm if confidential client data and work products are stolen or lost.
Some insurers write policies covering cyber crimes while others do not. Such policies account for less than 1 percent of the total market.
However, the best cyber insurance carriers do more than give you a policy. They also help you identify the strengths and weaknesses of your current approaches to safeguarding data, then work with you to improve security.
What to Look For in a Cyber Policy
When you shop for a cyber insurance provider, the first thing to do is get a handle on whether the candidate actually understands the nuanced coverage requirements of a law firm like yours.
Then make sure the insurance company you’re considering covers the right things. In the case of a law firm, the right things include mitigation of losses from data breaches, business interruptions, and network damage.
They also include coverage of the costs associated with notifications to clients and others affected by a cybercrime incident, as well as the costs of conducting credit monitoring, paying civil damages, hiring computer forensics experts, and repairing reputational damage.
Also, take a look at the candidate’s customer-support offering. Ideally, it should be available around the clock (since cyber crooks don’t usually punch in at 9 a.m. and then call it quits at 5 p.m., Monday through Friday).
Lastly, compare the price of premiums. As a lifetime student of the school of smart consumerism, you already know that the goal here is to find the insurer offering the best coverage for the lowest cost.
(As a cybersecurity consultant and vendor, I’ve evaluated on behalf of my clients many companies that offer cyber insurance coverage. I must say that the one provider that meets all the requirements I listed above is Embroker. Our clients receive 10% off their premiums when using Embroker for their cyber insurance. Read more about that on our page about cyber insurance.)
Because you are a lawyer, you have an obligation to protect client information. If your law firm relies on the internet, wireless connections, mobile devices, laptops, or any technology, you are vulnerable—and increasingly so—to a potentially costly cyber exposure.
Consequently, the time to obtain cyber insurance is now, before you are hacked, phished, vandalized, or held as a ransomware hostage.