According to our insurance carriers, lawyers are now the top sector targeted by threat actors. Of course, law firms are no strangers to threats from cybercriminals, but the nature of this threat has changed over time. Cybercrime was primarily an end-user problem in the past, with hackers seeking to steal financial information.
Today, the danger has shifted: instead of stealing data, criminals are using malware attacks on law firms to gain access to sensitive legal information.
Why Hackers Target Law Firms
Cyber breaches increasingly plague law firms of all sizes for a variety of reasons. Due to the amount, type, and organization of information stored in law firms’ systems, as well as the amount of money that moves through them for litigation and transactions, law firms remain targets. In addition, the number of lawyers working remotely is increasing, and threat actors are constantly updating and improving their attacks. Though threats continue to evolve, the most successful exploits are not new, just refined.
Cybercrime has been labeled the number one threat to these businesses. The American Bar Association reports that lawyers are increasing their use of enhanced security measures and cyber liability insurance policies to safeguard against cyber threats.
A report by Law360 Pulse revealed a spike in breaches of firms under 50 lawyers in 2021. Breaches rose from 33 in 2020 to 68 in 2021, an increase of more than 100%, and 106 out of 116 breaches occurred due to hacking, phishing, or malware.
Carriers Acknowledge Growing Risk
According to reports from insurance carriers, threat actors are obtaining and leaking sensitive data, whether it’s class action lists, divorce settlements, or other vulnerable client information, leading to extreme extortion demands far higher than in any other industry.
Consequently, law firms are more inclined to pay ransom demands because of possible reputational and legal repercussions.
Law Firm Cyber Insurance Statistics:
- According to one insurance carrier, the six most significant ransomware claims in the past 12 months all involved professional service firms, exceeding $5 million in costs.
- Cybercriminals are widely known to demand more than five times as much in extortion from law firms as from any other industry.
- Professional service firms make up only 14% of the businesses in the US but account for over 25% of ransomware attacks.
- Due to inadequate security measures, most ransomware attacks are on small and medium-sized firms.
Importance of Safeguarding Your Firm
Ransomware threats are on the rise on so many fronts that it’s no surprise cyber insurance rates have increased too, reportedly by 30 to 150% on average and, in rare cases, up to 500%.
So, in addition to tightening rates and capacity, underwriters are looking at how companies maintain their cybersecurity, with most insurance carriers requiring Multi-Factor Authentication (MFA) on all fronts: email, remote access, and privileged users. In some cases, insurance carriers are starting to deny renewal coverage to companies that don’t have MFA.
In addition, some carriers are adding a minimum 20% ransomware coinsurance provision to their coverage proposals.
For this reason, we recommend you consider putting in place the proper safeguards to prevent a cyberattack. In addition to reducing the risk of cybercrime at your firm, it is also wise to ensure your firm has the right level of insurance protection.
Cyber Insurance for Law Firms
Lawyers and firms will continue to be targets of hackers since they handle large amounts of money and information.
Firms must learn how to handle breaches properly and safeguard with cyber insurance coverage to avoid or mitigate resulting liabilities.
Cyber insurance for law firms enables cyber experts to respond rapidly to a data breach, including forensic experts, attorneys, breach response specialists, and credit monitoring companies. Cyber insurance protects corporate balance sheets from losses not typically covered by traditional insurance policies. In addition to first-party costs such as ransomware, forensic investigation, and notification, cyber insurance extends to third-party claims alleging unauthorized disclosure of personal and corporate information.
Take Action to Safeguard Your Law Firm
Find out how Mason-McBride can protect your law firm and request a proposal.