In the week when a PII insurer declined to indemnify a £700,000 loss of client money (and made national headlines: http://www.bbc.co.uk/news/uk-34432596), the whole question of just how robust your insurance programme is came sharply into focus. Do your PII, Cyber and Crime policies dovetail? Do you have Cyber and Crime policies? Moreover, how do you manage these risks in the first instance?
The scale of the threat is really quite worrying. According to the press, 3 or 4 solicitors per week are being targeted in so-called vishing attacks. Bogus invoice and fake director scams, and the continual efforts of hackers to access sensitive client data, all add to the mix.
As insurance brokers and risk managers, we see the impact and aftermath of these incidents. In the past it has been relatively easy to identify where a threat would come from, and solicitors' firms have invested in strong rooms and fireproof file stores. However, theft and fire now seem to be a long way down the priority list as threats to the business. Can you imagine the reputational damage of being in the press for losing client money, or sensitive child protection data?
Risk management advice around these new threats is now quite widespread and is generally centred on staff awareness, discipline and training. If, however, the worst were to happen, will your insurance programme respond?
Solicitors Professional Indemnity
Whilst the SRA minimum terms and conditions are exceptionally broad and do offer some protection in these areas, it is clear that the policy was not designed to cater for the threats now being posed by organised criminals trying to get access to your precious client data or client funds. It is therefore too early to tell how insurers and indeed the SRA will react to these new threats and what will happen in the event of an incident.
This policy is also primarily aimed at consumer protection and therefore does not pick up any loss of the firm's money and is unlikely to pay for regulatory action following a loss of client data that is reported to the ICO.
Cyber Liability Insurance
This policy is specifically designed to cover the costs associated with a network breach and includes:
- Investigation costs, fines and penalties
- Business Interruption following a loss of data or network downtime due to a malicious or accidental act.
- PR Costs
- Costs of notifying data subjects
- Cyber extortion expenses
This cover provides protection for your business from fraud by third parties or employees and is extremely broad. You can also choose to insure the client account under this policy or rely upon the Professional Indemnity Insurance.
Whilst you need to be able to evidence a loss, it can be a good backstop to the types of issues occurring at the moment.
If you would like to discuss these issues or need more information, please contact one of our team.