How Much Can Your Firm Afford to Lose?
The ABA 2019 TechReport, Cybersecurity reported that about 26% of respondent law firms, had experienced a security breach in 2019, an increase of 11% since 2017. Another 36% of law firms have indicated their systems have been infected with viruses, spyware, and malware in 2019. The percentage of attorneys reporting that they have cyber liability coverage is small but has been increasing—33% overall, up from 27% in 2017.
Without cyber liability coverage, your firm is responsible for the financial damages associated with any data breaches involving sensitive information, such as customers credit card numbers, your bank account information, employees social security numbers, company passwords and more. These damages could include loss of business, notifications to customers, a forensic investigation, regulatory fines, and damage to your reputation and brand. Court fees and settlement costs also might incur if any of your customers decide to sue you for exposing their data. Additionally, some policies will not allow one to represent their own firm.
ABA Formal Opinion 483 reports:
“Data breaches and cyber threats involving or targeting lawyers and law firms are a major professional responsibility and liability threat facing the legal profession. As custodians of highly sensitive information, law firms are inviting targets for hackers. The data security threat is so high that law enforcement officials regular regularly divide business entities into two categories: those that have been hacked and those that will be.”
Many general liability and malpractice policies do not cover security incidents or data breaches. While property policies would cover income losses and extra expenses that result from an interruption in your business operations caused by physical damage to covered property, it would not include any electronic data.
Clients are increasingly requiring third-party security assessments, security requirements, and questionnaires from their firm to ensure their information remains secure. Overall, 34% of respondents report that they have received a client security requirements document or guidelines. Firms receiving them generally increase by the size of the firm, from 15% of solos to about 66% with 100+ attorneys.
Law.com conducted a nationwide survey of lawyers who reported a data breach in the past 5 years. This report can be found at https://www.law.com/2019/10/15/here-are-law-firms-reporting-data-breaches/. The former head of the FBI’s cyber breach unit in New York and now global head of professional services at cybersecurity company BlueVoyant, Austin Berglas states, “Law firms are only going to make those reports when they’ve confirmed through a forensic investigation that reportable information has been touched. They’re not going to report every event, every spearfishing campaign—they see it every day.”
The IBM, 2019 Cost of Data Breach Report, analyzed more than 500 global companies who experienced a data breach from July 2018-April 2019. This report constituted from multiple industries, takes into account hundreds of cost factors, from legal, regulatory and technical activities, to loss of brand equity, customer turnover, and the drain on employee productivity.
The average cost of lost business for organizations in the 2019 study was $1.42 million, which caused an abnormal customer turnover of 3.9 percent in 2019. Organizations that lost less than one percent of their customers due to a data breach, experienced an average total cost of $2.8 million, organizations with customer turnover of 4 percent or more averaged a total cost of $5.7 million.
Malicious breaches were the most common, however, inadvertent breaches from human error and system glitches were the cause for 49 percent of the data breaches studied in the report. Approximately one-quarter of the breaches were the result of human error which may have been compromised by phishing attacks or have their devices infected or lost/stolen. These types of attacks average at a loss of $3.24 million, which are less expensive than system glitches. These inadvertent failures that could not be tied to human action, accounted for an average loss of $3.5 million.
In 2014, organizations had a 22.6 percent chance of experiencing a breach within two years. In 2019, the chance of experiencing a data breach within two years was 29.6 percent. Simply put, organizations in the 2019 study were nearly one-third more likely to experience a breach within two years than they were in 2014.
Read the full 2019 Cost of Data Breach Report IBM report here:
Below is a link to the monthly report concluded by the Identity Theft Resource Center, identifying the 107 U.S. companies and the number of individual records exposed (1,954,166), just for the month of October 2019.
Are you ready to protect your firm with cyber liability insurance? Lawyers Choice specializes in helping determine which coverages are right for your firm.
Call or email us today to compare quotes from A+ rated, U.S. carriers.
Phone: (720) 226-9435
7010 Broadway Street, Suite 220
Denver, CO 80221
Fax: (720) 293-3757
CyberScout, & Identity Theft Resource Center. (2019). 2019 October Data Breaches. Retrieved
November 8, 2019, from https://www.idtheftcenter.org/2019-data-breaches/.
IBM Secuirty. Ponemon Institute. (2019). Cost of a Data Breach Study. Retrieved November 8,
2019, from https://www.ibm.com/security/data-breach?cm_mmc=Search_Google-_-Security_Optimize+the+Security+Program-_-WW_NA-_-+ibm +breach of +data_b&cm_mmca1=000000NJ&cm_mmca2=10000253&cm_mmca7=9028792&cm_mmca8=aud-320658051736:kwd-417449383368&cm_mmca9=Cj0KCQiAn8nuBRCzARIsAJcdIfOifM-IsbJ_JpX3h0cssESy1jRekW2xxLwZ2pUDFiRsMLtaJwA_SkIaAosAEALw_wcB&cm_mmca10=396554014264&cm_mmca11=b&gclid=Cj0KCQiAn8nuBRCzARIsAJcdIfOifM-IsbJ_JpX3h0cssESy1jRekW2xxLwZ2pUDFiRsMLtaJwA_SkIaAosAEALw_wcB&gclsrc=aw.ds.
Loughnane, J. (2019, October 16). 2019 Cybersecurity. Retrieved November 8, 2019, from
Simmons, C. (2019, October 15). Law Firm Cybersecurity: See Which Firms Reported a Data
Breach. Retrieved November 8, 2019, from https://www.law.com/2019/10/15/here-are-law-firms-reporting-data-breaches/.