Law firms need to realise that Cyber insurance is not only for internet-based or technology companies. In fact, any company or organisation that relies on a network or system for the operation of their business or who stores and/or processes data, can benefit from the risk transfer mechanism that cyber insurance provides. The website Hackmageddon is especially useful for seeing this in practice; for instance their March 2016 cyber-attacks timeline shows that industries varying from plastic surgeries, shipping and concrete suppliers to food manufacturing, governments and legal services have suffered cyber-attacks and breaches.
The widely discussed Mossack Fonseca data breach (aka the Panama Papers) is the largest data breach ever, and it shows the vulnerability of legal services to cyber-attacks and acts as a scary wake up call for law firms around the world. The nature of their business and clients, means that the data they store is highly sensitive. When you couple the valuable intellectual property and highly-confidential commercial information held with the fact that cyber security defence measures are often weak, law firms continue to appeal to hackers as somewhat easy targets.
According to the LawGazette, hackers have targeted 48 elite law firms (including some well-known outfits such as Allen & Overy, Freshfields and Hogan Lovells) to steal information on mergers, acquisitions and to aid insider trading. It is vital therefore, that cyber and data security becomes a matter of high importance for senior executives. Not only in terms of protecting their organisations from outside threats, but to also ensure that internal access procedures and restrictions are in place to prevent breaches occurring from within. In fact, both the fraudulent and negligent acts of employees still account for almost a third of all data breaches according to DataBreachToday.com.
Politically, we are moving into an environment whereby it is difficult to be seen as being soft on data breaches. With the new regulation coming into force across Europe and the Panama Papers case emphasising to the whole world the damaging reputational impact that a data breach can have, many law firms will inevitably turn to cyber insurance providers for protection. Their cost-effective access to breach response panels, forensic experts and specialists ensure that, if a breach was to occur, the liabilities and costs involved are quickly minimised and mitigated.