Click. Even after the warning, you just can’t help yourself. You’ve opened the email from an unfamiliar web address, and boom! In just seconds, there goes all your data, and worse – all of your firm’s and clients’ data too.
Cyberattacks and data breaches are too often making headlines and creating headaches in today’s tech-reliant world. But how can individuals and firms protect themselves if and when they befall victim to such a breach?
Enter cyber insurance: a type of general insurance that covers “internet-based liability and risks,” developed with the intention to help entities “recover from a data breach or identity theft by mitigating all the costs that crop up in the aftermath.” Though most companies have been covered by some form of cyber protection under existing general or professional liability insurance policies,stand-alone cyber policies are relatively new to the market and have only been available for a little over a decade.
Cyber specific policies come in all shapes and sizes and can be custom designed for individuals and businesses alike. Policies can focus narrowly on personal identity theft or on larger-scale breaches involving client or other third-party data, and coverage can include everything from legal costs, to assisting with client notification when a breach does occur.
For individuals and small business owners, popular providers like Nationwide, better-known for their auto, home, and life insurance services, even offer cyber insurance policies that can include data recovery, system repair, legal fee coverage, and more.
For larger companies and law firms, picking the right policy can be a little trickier, if they chose to purchase a policy at all. Law firms, in particular, should consider what insurance policies are already in place and review what cyber coverage is already included in those policies. The addition of a cyber insurance policy could create overlapping coverage, or even a gap in the coverage if not designed efficiently or effectively.
A recent study by Deloitte determined that larger scale buyers are still skeptical of purchasing “cyber insurance,” the protections in place to help recover after a cyberattack, despite being willing to invest heavily in other “cybersecurity” measures, the precautions taken to prevent a cyberattack. Some attribute this uncertainty to the fact that the stand-alone cyber insurance is still an emerging market, still mostly “unproven and unpredictable,” while others point to the mistrust in insurance pricing as a deterrence for consumers. Further, general data on cyberattacks has only been collected for two decades, and the data available that would be of any value to insurers and consumers is not available in a centralized format.
Even data on the legal profession alone is scarce. An article published by the American Bar Association (ABA) Journal reports that there is “no definitive number of how many lawyers or law firms are covered by some form of cyber insurance,” yet offers an estimate of only ten to fifteen percent of firms having stand-alone cyber insurance policies.
In the end, the cyber insurance trend suggests that it is not the end-all-be-all for cyber protection, and whether an individual or a firm chooses to purchase protection is largely based on comfort with other security measures already in place.
* Killoran Long is a second-year law student at Wake Forest University School of Law and is the Business Law Program Fellow for the 2018-2019 school year. She is a graduate of the University of South Carolina where she earned her degree in Political Science. Before returning to law school, she spent over five years working in government relations in Washington. D.C.