You know cybersecurity is important. We know you know cyber security is important. It feels like the whole world preaches the importance of cybersecurity because – well – it’s important. But although it’s vital for everyone, it’s even more so for law firms because they handle sensitive client information.
We’ve provided articles on how to avoid phone scams, wire transfer fraud, phishing emails and other common technology-related crimes law firms often face. As the saying goes, an ounce of prevention is worth a pound of cure – but what is that cure when it comes to a cyber breach?
What to do?
Obviously the first things to do after a cyber event is an initial assessment – what happened and when, who and what was affected, and how much damage has been done? The exact steps your firm would take in the event of a malicious attack depend greatly on the answers to those questions. Steps can include changing passwords and disconnecting devices, contacting your IT professional to mitigate further or ongoing damage, and notifying those affected.
You’ll also want to contact OAMIC. Even if you weren’t aware, we include cyber liability and data breach response coverage (or, more commonly called “cyber liability insurance”) with base limits on every lawyers professional liability insurance policy at no additional charge. Because we know base limits may not be suitable for every firm, a firm may choose to increase their limits to better protect themselves at a fairly low cost.
What does OAMIC’S cyber liability insurance cover?
Limits are aggregate based on the size of your firm, but again, you can also choose to increase your limits to ensure you have adequate coverage. To learn more or read the full policy language, visit our Cyber Liability Insurance page.
Also, it’s important to know that your OAMIC cyber coverage not only includes first-party coverage for the law firm, but also third-party coverage to the firm’s clients. A short list of what’s included (subject to policy language) is:
- Forensic Expense – the cost associated to investigate the source or cause of the event
- Monitoring Expense – credit monitoring, identity monitoring or other solutions offered to notified individuals
- Crisis management and public relations – costs related to mitigating harm to the firm’s reputation
- Cyber extortion – costs associated as a direct result of an extortion threat
- Regulatory defense and penalties – defense costs and penalties associated with a claim in the form of regulatory proceedings.
Like any claim, it’s important to let us know as soon as possible. The sooner we know, the sooner we can start to help make things right.