October is Cyber Awareness Month. When an attorney malpractice insurance client asks us, “Is this covered?” it is likely too late to help them with this claim.
Here are examples of claims made. These law firms did not have a cyber policy:
- Your client is about to close on a business deal that you and the client have been working on for months. The money is to be transferred by close of business on Friday. Unbeknownst to you or your client, a hacker has been monitoring your client’s e-mail for months. The cybercriminal has simply been following the progress of the purchase and waiting for the transfer to come about this coming Friday. A spoofed e-mail from the cybercriminal to your client includes new wiring instructions. The e-mail looks like it came from your law firm, but it did not. The client follows the instructions and sends the $2.5 million out per the fraudulent wire transfer instructions.
- You won a large settlement on a case months ago. Today is payday and you have received the settlement. Because the case was from a referral, you send the referral attorney their share of the settlement proceeds. Unfortunately, the cybercriminal monitors your hacked e-mail system and waits until they know that you have received the settlement. The cybercriminal sends a fake e-mail from you to your bookkeeper that appears to be an e-mail forwarded from the referral attorney as to where to wire the funds. The bookkeeper follows your instructions and wires the money.
- When you log in one morning, the cybercriminal states you have 3 days to send the equivalent of $10,000 in bitcoins per their instructions. You notify your malpractice insurance carrier and law enforcement, and hire a computer expert. You decide not to pay the ransom, and your computer system is completely offline for the next 3 months. While you were able to service your current clients, paper records required manual input for unrecovered data. Between the recovery costs, the new computer hardware and your lost billings, it costs the firm over $750,000.
- You find out that personally identifiable information from your client’s collection accounts, including bank account numbers, credit card information and birth dates, is now up for sale on the dark web. You’re required to notify the appropriate state agencies and each collection account, and now you need to set up credit monitoring for the 5000 plus hacked accounts. And you need to hire a forensic IT firm to find out what happened and plug the hole. Turns out a former staff member walked out with a thumb drive.
- A partner at a small law firm receives an e-mail with an attachment from a former client. The partner had trouble opening the attachment. The SharePoint document asked for his login and password, which he entered, but the document did not open. He forwarded the e-mail to a staff member, who also tried their login and password. They also had trouble opening the document. Days later a client advised the partner of strange e-mails that they had received from him with new wiring instructions for funds. The firm hires a law firm that specializes in data breaches and an IT firm that does forensic analysis. They found over 80,000 e-mails, determining that 102 of the e-mails were viewed or accessed by an unauthorized party, with potentially 8 clients’ personally identifiable information disseminated.