Cybersecurity: Understanding Cyber Insurance for Law Firms

It is a commonly held belief among attorneys, and by law firms in general, that cybersecurity and liability risk is insured by legal professional liability (LPL) coverage. Certainly, there is some truth to this assertion, but there is more to digital privacy, cyber attacks, and cyber insurance than LPL is able to cover.

Crucially, LPL coverage is intended to protect lawyers against malpractice, human error, acts of omission, acts deemed wrongful, and breaches of fiduciary duty or contract. One major insurance provider puts it this way: “Whether a small or mid-sized law firm, your business has potential exposures as client expectations are increasing and malpractice lawsuits are becoming more common. Your business and financial security depend on how well protected they are from a lawsuit or claim.”

While this is absolutely necessary, if an attorney’s or firm’s networks, servers, or systems are attacked and breached, though, there is a chance that LPL will not be able to pick up all the tab, legally speaking. To be indemnified from such attacks, law firms need to also have a policy protecting them. Cyber attacks against legal professionals are on the rise. One in four law firms has had their information hacked, according to the American Bar Association. With this in mind, it is vital to understand what cyber insurance is and how lawyers can benefit from it.

Cyber Insurance for Legal Professionals

To understand why firms need cyber insurance, it is helpful to get a firm grip on what exactly these policies are and what they cover. Cyber insurance, sometimes called cyber liability (CLIC) or cyber risk coverage, is intended to assist companies and other organizations with the financial aspects of data recovery and other activities in the unfortunate event of a cyber breach. It can be costly to the point of ruinous when such attacks occur, so this form of policy is not only gaining popularity but is becoming an essential aspect of running a successful law firm in the twenty-first century.

For perspective, one source estimates that the premiums on such policies will get as high as $7.5 billion by next year (2020). To make that number even more staggering, only about a third of all companies hold these types of policies today. As mentioned earlier, about a quarter of all law firms are experiencing breaches. The numbers do not add up favorably thus far.

With this knowledge in mind, it isn’t a matter of whether a cybersecurity breach will occur to any given law firm, but a matter of when and how bad it will end up being. If there’s one thing attorneys know, it’s that adverse events of any kind often result in lawsuits. They simply aren’t usually on the receiving end of those claims. When a cyber breach does happen, though, they will be, and if they don’t have cyber insurance, they could end up in deep financial trouble.

report by Cisco states over 80% of respondents said that their business operations experienced a minimum of one hour of downtime and a sizable half of those experienced as many as eight hours of downtime. This resulted in over a million dollars of damage to these types of organizations, according to Ponemon.


Attorneys, like the rest of the business world, simply cannot afford to suffer these types of losses and continue to operate. To sum it up, cybercrime is incredibly expensive, difficult to detect with speed and accuracy, and even harder to defend against. There is no other threat to an organization like a cyber attack and breach. Having a cyber insurance policy is becoming less and less of an option and more and more of a requirement.

Download as PDF

Want a copy of this article? Download it for free!

Download This Post PDF Icon