(Are you kidding me?)
Yes, that’s right. The most costly claim a law firm may face is probably NOT going to be:
- A grievance filed or a claim against your Lawyers Professional Liability (or Malpractice)
- A slip & fall in your office by a client or delivery person (covered by your General Liability or Business Owner policy)
- A loss of income due to a fire because you cannot utilize your office space to meet with clients (which, again, should be covered by your Business Owner Policy).
WHY? Because, MOST LIKELY, your firm is already insured and protected for these types of losses. (If it isn’t, we need to talk about that too.) The most you’ll be held financially responsible for is your deductible when it applies (unless the loss is higher than the limits of the policy, i.e. you are under-insured).
With a Data Breach, whether via paper files that don’t get shredded, a lost laptop, a stolen cell phone, an email sent in error, or someone hacking your server or a third-party cloud-based software, all costs (remediation, liability, fines & penalties) associated with COMPLYING WITH State and/or Federal laws pertaining to the data breach rest solely on your law firm.
And why? Because in all likelihood, your firm is not protected from this type of loss. But it could be, with the right Cyber or Privacy Liability policy. AND it’s pretty inexpensive, compared to the possible loss your firm could suffer. (How MUCH could it cost you? $195 PER record is the average hard cost of responding to a data breach – investigation, notification of clients, credit monitoring, etc… This doesn’t even include liability and fines / penalties for NOT complying with State or Federal laws.)
Yup, the next thing on your mind is “This type of thing only happens to Target or Home Depot – not my firm, and not anyone I know.” And here’s where you may be wrong, because of two alarming statistics:
- Approximately 50% of all data breaches are the result of employee errors (putting files that were supposed to be shredded in the wrong box, so they end up as someone’s dumpster-dive night; e-filing unredacted information; a stolen laptop or briefcase with client information; emails with spreadsheets of employee medical and insurance info sent to the wrong email address; or the biggie – stolen cell phones with access to email accounts – do you really think a 4-digit PIN will keep it from being accessed?). Plus, whatever you send in an email, text or by other electronic means is not guaranteed to stay private or confidential (remember SONY?).
- 71% of Cyber hacking is being directed towards small to medium size companies because they are considered easier prey. Within that, companies with confidential medical information are being singled out in particular, because this information, sold on the black market, yields much higher profits than regular Personally Identifiable Information (PII). Add to that case files FULL of medical, financial AND PII, and you ARE a target.
You are not alone; 48% of small business owners do not have a strategic approach (Cyber Security Plan) in place to keep their business secure. But you can do better and protect the company you have worked so hard to build. A Cyber or Privacy Liability Policy – the right one – should be part of that plan.
Next up…in my Cyber Liability Insurance Blog Series…
- Where does your firm stand within ABA guidelines with use of technology and how it responds to a Data Breach? Let’s count…How many ways can State and Federal Laws penalize ($$) your firm if you ignore the statutes, and don’t comply? Can you spell “HIPAA”?
- Can you ever get your client’s perception of trustworthiness back after their confidential information has been stolen and used – or worse, broadcast across the internet?
- Exactly what is insured with a Cyber or Privacy Liability Policy? What to look for that makes it a good policy for your firm, and what are the triggers for that policy? How much is enough protection? Do the math.
Latest posts by Sharron M. Bauer, MLIS
- The Most Costly Claim a Law Firm May Face: Data Breach - February 9, 2016