Cybersecurity insurance: Does your law firm need it?

October 29th, 2021
Cybersecurity insurance: Does your law firm need it?

No law firm in New York and beyond is completely safe from data security incidents, so it pays to be prepared for them at all times. On top of implementing measures that safeguard data and ensure business continuity, your firm can be ready for cyber incidents by investing in cybersecurity insurance.

What is cybersecurity insurance?

Also called cyber liability insurance, cybersecurity insurance covers the costs your law firm incurs following a cyberattack. These expenses include the cost of repairing IT equipment and restoring your data, government fines and penalties, notification charges, attorney’s fees, and others.

Different cybersecurity insurance providers may offer different types of coverage. For instance, while all policies provide first-party coverage, which covers the resources your firm lost because of the cyber incident, some also offer third-party coverage. This covers the losses that third-party companies related to your firm, such as your clients and vendors, incurred because of the cyberattack against your organization.

There are also providers that offer more specific types of coverage. For example, there are policies that include media liability, which protects your law firm’s intellectual properties from infringement. Others may offer privacy insurance, which applies during incidents that result in the privacy of your attorneys, personnel, or clients being compromised.

Why do you need cybersecurity insurance?

Here are a few compelling reasons:

Cyberattacks against law firms are increasing

Regardless of the type of service you provide or the industry you specialize in, your law firm processes and stores volumes of critical data. These include financial statements, litigation records, intellectual properties, information about attorneys and clients, and others. Because of this, law firms like yours are ripe targets for cybercriminals looking for data to sell on the dark web or use for nefarious purposes.

Unfortunately, data from the American Bar Association (ABA) reveals an upward trend in the number of law firms that experience security incidents every year. From 23% in 2018, it rose to 26% in 2019, then 29% in 2020. With the ever-present risk of a cyber incident looming over law firms, it makes perfect sense to invest in the added protection provided by cybersecurity insurance.

Security incidents entail huge costs

To call a security incident “expensive” is a gross understatement — take the cost of ransomware, for example. According to data from security giant Sophos, the average ransom paid in 2021 has exceeded $170,000. What’s more, recovering from a ransomware attack, which includes replacing encrypted data with backups, has doubled from $761,106 in 2020 to $1.85 million in 2021.

But that’s not everything you have to account for. Here are some of the other expenses and losses you need to shoulder after a cyber incident:

  • Cost of notifying authorities and your clients about the incident
  • Repair or replacement of damaged hardware, if any
  • Downtime and the resulting loss of productivity
  • Overtime hours to make up for lost time

Depending on your provider and type of policy, cybersecurity insurance can cover most or all of these expenditures. This allows you to concentrate your resources on preventing future incidents by bolstering your cybersecurity.

Law firms may be subject to data regulations

Your law firm may need to comply with various data regulations depending on where you conduct business and the types of data you handle. For instance, if you operate in the state of New York, then you must comply with the New York Privacy Act once it’s passed. Or if your law firm handles cases and clients in Connecticut, then you have to comply with the state’s data privacy regulations. Furthermore, if your law firm works with hospitals or health insurance providers and handles healthcare information, then you have to comply with the Health Insurance Portability and Accountability Act.

The government, as well as industry regulators, could subject your law firm to an investigation after a cyber incident. You may also figure in various lawsuits and bad PR depending on the gravity of the situation and its outcomes. Cybersecurity insurance can cover the cost of cyber forensics to aid in investigation, as well as legal fees.

Investing in cybersecurity insurance creates well-rounded protection against cyberthreats for your law firm. You can augment your firm’s defenses further by partnering with Healthy IT. We use advanced tools and employ security specialists to monitor your network and keep it safe from multiple cyberthreats. We can also connect you with a top-tier cybersecurity insurance provider that can cover all your needs. Schedule a free consultation today.