Think your law firm doesn’t need cyber insurance? You may want to rethink that after reading this.
Russian cyber criminal targets elite Chicago law firms
Last week, a Russian broker targeted elite law firms in both Chicago and New York, hoping to discover information about their clients that he could then use to gain a financial advantage in the stock market. Insider trading is by no means a new phenomenon; however, the means of gaining access to the information has moved beyond word of mouth to a more direct approach: hacking the information from the source.
It goes without saying that these firms are now financially liable for any undue harm resulting from a loss of value, but regardless of fluctuations in share price, their breached clients will undoubtedly bring massive suits due to the nature of the information breached. Yes, the financial information is important, but the damage to your reputation and that of your clients’ clients could be irreversible.
- What if a hacker accessed confidential proprietary information, like product designs for a manufacturing or product development client, that could be copied and sold within their competitive market?
- What if this hacker accessed employee information and records that could then be used to commit identity theft?
By design, a law firm is entrusted with a client’s most valuable information, so why shouldn’t they arm themselves with the most advanced security?
Old Stereotypes And Beliefs Leave You Exposed
If you are a law firm and think that hackers lack the savvy, the business acumen, or the market access to trade on inside information (maybe the old stereotype of a kid hacking networks in their parents' basement for kicks), this should make you sit up straight: the hacker was HIRED. The broker, who had a lot to gain and the means to trade on the foreign exchanges, hired a black hat hacker to find this information for him.
Hackers-for-hire make full-time careers out of hacking secrets for immoral people, who themselves are now increasingly aware of the appeal of paying someone else to do their dirty work. The implications of being able to pay someone to commit espionage are tremendous: no longer must the corrupt be technically savvy or be a member of organized crime. All information is fair game for those willing to pay for it.
Now think about your firm and the clients it represents. Do you represent businesses? Do you represent patients? Do you hold confidential personal information, like social security numbers, credit card information, or medical records? In your line of work, do you regularly litigate cases that become contentious? Would your opponent in court stand to gain anything by paying a few hundred dollars to hack your emails or documents? If you answer “yes” to any of these questions, you should seriously consider purchasing a cyber insurance policy.
What Should You Do To Protect Your Business?
For the immediate future, cyber insurance is still a cheap insurance policy to own. Pricing is based on firm revenues, but you can expect the amount to be roughly 5-10% of your malpractice policy. Many firms wrongly believe that because their Professional Liability policy contains cyber coverage, they are sufficiently covered. The truth is that cyber inclusions in liability policies include language that excludes most breaches or voids coverage based on other IT-related factors.
Social Engineering Attacks, Out-Of-Date Software, And Infrastructure Issues Are Not Always Covered
For instance, the user error exclusion will not cover breaches that are caused by an employee inadvertently clicking on a link that leads to malware. The encryption exclusion voids coverage if firm computers and smartphones aren’t properly encrypted (most firms are not encrypted). These are just two examples of the many ways insurance carriers attempt to deny coverage.
Cyber insurance expert Charlie E. Bernier has created a policy with an A+ rated carrier that does not contain these exclusions, and businesses are scrambling to get their hands on it before pricing goes up. Currently, policies start at $1500 for $1,000,000 in coverage, and the application process is only one page. Quotes can be emailed within 24 hours. For more information, visit our sister site, ECBMCyber.com.