Here are examples of past cyber claims:
1. Your client is about to close on a business deal that you and the client have been working on months. The money transfer is scheduled by close of business on Friday. Unbeknownst to you and your client, months ago cyber-criminals hacked your client’s e-mail. Cyber-criminals monitored the purchase progress and waited for Friday. The cyber-criminal sends a spoofed e-mail to your client with new wiring instructions. The e-mail looks like it came from your law firm, but it did not. The client follows the instructions and sends the $2.5 million out per the fraudulent wire transfer instructions.
2. You won a large settlement on a case. Today is payday and you have received the settlement. Because the case was from a referral, you send the referral attorney their share of the settlement proceeds. Unfortunately, cyber-criminals hacked your e-mail system and waited until you have received the settlement. The cyber-criminal puts out a fake e-mail from you to your bookkeeper that appears to be an e-mail forwarded from the referral attorney as to where to wire the funds. The bookkeeper follows your instructions and wires the money.
3. Cyber-criminals hack your computer system. In the morning when you log in your informed that you have 3 days to send the equivalent of $10,000 in Bitcoins per their instructions. You notify your malpractice insurance carrier, law enforcement and hire a computer expert. You decide not to pay the ransomware, and your computer system is completely offline of the next 3 months. While you were able to service your current clients, a substantial percentage of data could not be recovered and had to be restored manually. Between the recover costs, the new computer hardware, and your lost billings it costs the firm over $750,000.
4. As a collection attorney you manage large volumes of collection accounts that contain personally identifiable Information (PII) for your clients. You find that your collection account PII which includes bank account numbers, credit card information and birth dates is now up for sale on the dark web. You now notify the appropriate state agencies, each collection account and set up credit monitoring for 5000 plus accounts. In addition, you hire a forensic IT firm to find out what happened and plug the hole. Turns out a former staff member walked out with a thumb drive.
5. A partner at a small law firm receives an e-mail with an attachment from a former client. The partner had trouble opening the e-mail attachment. The Share Point document asked for his password and login which he shared but it did not open the document. He forwards the e-mail to a staff member who also tried their login and password. They also had trouble opening the document. Days later, a client advised the partner of strange e-mails that they had received from him with new wiring instructions for funds. The firm hires a law firm that specializes in data breaches and an IT firm that does forensic analysis. The Cyber Specialist found over 80,000 compromised e-mails with 102 e-mails viewed or accessed by an unauthorized party. Likely, eight clients PII was disseminated.
Click here to obtain a Cyber Quote
Lee Norcross, MBA, CPCU
Managing Director, CEO
(616) 940-1101 Ext. 7080