Our insurance carriers say lawyers are now a top sector targeted by threat actors. Of course, law firms are no strangers to threats from cybercriminals, but the nature of this threat has changed over time. Cybercrime was primarily an end-user problem in the past, with hackers seeking to steal financial information.
Today, the danger has shifted- instead of stealing data; criminals are using malware attacks on legal practices to gain access to sensitive legal information.
Why Hackers Target Law Firms
Cyber breaches increasingly plague legal offices of all sizes for various reasons. However, law firms remain targets due to the amount, type, and organization of information stored in attorneys’ systems and how much money goes through them for litigation and transactions.
In addition, the number of lawyers working remotely increased, and threat actors are constantly updating and improving their attacks. Though threats continue to evolve, the most successful exploits are not new, just refined.
Cybercrime has been labeled the number one threat to these businesses. The American Bar Association reports that attorneys are increasing their use of enhanced security measures and cyber liability insurance policies to safeguard against cyber threats.
A report by Law360 Pulse revealed a spike in breaches of firms under 50 lawyers in 2021. From 33 breaches in 2020 to 68 breaches in 2021, an increase of more than 100%, and 106 out of 116 breaches occurred due to hacking, phishing, or malware.
Carriers Acknowledge Growing Risk
According to reports from our insurance carriers, threat actors are obtaining and leaking sensitive data, whether it’s class action lists, divorce settlements, or other vulnerable client information leading to extreme extortion demands far higher than in any other industry.
Consequently, legal services providers are more inclined to pay ransom demands because of possible reputational and legal repercussions.
Law Firm Cyber Attack Statistics:
- According to one insurance carrier, the six most significant ransomware claims in the past 12 months involved professional service firms, exceeding $5 million in costs.
- Cybercriminals are widely known to demand more than five times the extortion demand from law firms than in any other industry.
- Professional service firms make up only 14% of the businesses in the US but make up over 25% of ransomware attacks.
- Due to inadequate security measures, most ransomware attacks are on small and medium-sized firms.
Importance of Safeguarding Your Firm
Ransomware threats are on the rise across many fronts, so it’s no surprise that cyber insurance rates have also increased, reportedly between 30-150% on average and up to 500% in rare cases.
In addition to tightening rates and capacity, underwriters are examining attorneys’ cybersecurity practices. Most insurance carriers now require Multi-Factor Authentication (MFA) on all fronts; email, remote access, and privileged users. In some cases, insurance carriers are starting to deny renewal coverage to companies that don’t have MFA.
In addition, some carriers are adding a minimum 20% ransomware coinsurance provision to their coverage proposals. For these reasons, we recommend implementing proper safeguards to prevent a cyberattack.
Beyond reducing cybercrime risk, having the right insurance protection against attacks without common exclusions is prudent. Policy language varies, so whether a business is covered depends on how exclusions are worded.
Cyber Insurance for Law Firms
Cyber insurance can help protect organizations from the financial impacts of cyberattacks. For law firms, this may include coverage for breach response costs like forensic investigations to identify damage and attack sources. It could also cover customer notification expenses and legal fees.
For example, some policies include access to cyber response specialists, such as forensic investigators and public relations experts. These specialists can help the firm launch an effective response plan.
In conclusion, law firms are lucrative targets for cybercriminals. The sensitive client information and funds they handle make the legal sector vulnerable to attacks aimed at theft and disruption.
Cyber insurance can financially offset costs from notifications, legal services, PR, and business interruption from an attack. However, technology and insurance must work hand-in-hand with training to create a culture of security awareness.
Law firms and support staff should adhere to best practices for passwords, phishing identification, multi-factor authentication, and incident reporting. With persistent vigilance and a multilayered approach, law firms can mitigate risks and demonstrate resilience in the face of increasing cyber threats.
Take Action to Safeguard Your Legal Firm
Find out how Mason-McBride can protect your law firm from the threat of cyber attacks – request a proposal.
For helpful tips on other popular topics, check out articles on:
- Decoding E&O Insurance Policy Language
- Cyber Insurance Coverage Exclusions
- Ransomware Developments
- Cybercrime Targeting Small Businesses
Article By Jamie Parry