Navigating Risks in the Cyber Insurance Landscape

Over the past two decades, October has been designated as Cybersecurity Awareness Month by the federal government to emphasize the growing threats posed by cybercriminals and encourage measures to mitigate these risks. However, according to an article by Esquire Deposition Solutions, LLC, the legal community has historically lagged in adopting robust cybersecurity practices. In 2020, only 43% of law firms encrypted client data, 39% used two-factor authentication, and 29% employed intrusion detection technologies.

Recognizing the need for a more robust response, the American Bar Association (ABA), state bar associations, and attorney regulatory bodies have intensified efforts to enhance law firm data security. Educational programs, best practice guidelines, ethics opinions, and tweaks to ethics codes aim to raise awareness and improve practices. The urgency is fueled by data breach legislation, regulatory scrutiny, class action litigation, and the fallout from cyberattacks on law firms.

This year, the ABA House of Delegates passed Resolution 609, outlining measures for law firms to enhance cybersecurity in day-to-day operations. Despite progress, there’s a risk of information overload for practicing lawyers, leading to potential neglect of cybersecurity or hasty delegations of responsibilities.

For Cybersecurity Awareness Month, the focus is on cyber insurance. The Delinea survey reveals common gaps in coverage: lack of security protocols, internal bad actors, human errors, and non-compliance with procedures. Notably, factors contributing to coverage denials are largely under the control of law firm leaders. The dynamic cyber threat landscape and evolving cyber insurance market necessitate close attention.

Key takeaways from the survey emphasize the shared responsibility of law firms and insurance carriers in mitigating losses from cyberattacks. Law firms must adopt best practices and stay informed about evolving threats to ensure coverage. Importantly, there’s a need for a general awareness that cyber insurance might not cover all losses from a cyberattack, emphasizing the importance of negotiating specific coverage for crucial categories.

Adriana Luedke, a member of the ABA Cybersecurity Legal Task Force, underscores the critical role of lawyers in ensuring cybersecurity vigilance, emphasizing the need for continuous learning and action in the face of increasing threats.