Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Law Firms: A “Fully Radioactive Form of Risk”

June 28, 2022

Yes, I am back to talking about cyberinsurance again which has become an all-consuming nightmare for law firms. But this time, the perspective is Canadian – and yet, it mirrors everything happening to law firms in the U.S.

Insurance Business Canada reported on June 23 the extent of the strain on the cyberinsurance market in Canada. As in the U.S., the rise in ransomware claims and the lack of security controls in law firms has caused huge rate increases, reduced coverage and demands for enhanced cybersecurity.

At the end of 2020, cyberinsurance loss ratios were up to 400%, which means that for every $1 taken in, insurers were paying out $4. Clearly that is not sustainable.

Patrick Bourk, principal and national cyber practice leader at HUB International Ontario notes, “What we [brokers] end up doing is remarketing a lot of accounts.”

Bourk works with a lot of law firms, which he describes as a “fully radioactive class of risk” that few cyberinsurance companies want to underwrite.

“Law firms have this treasure trove of information. Statistically, they’re about six times more likely to pay the first ransom demanded, rather than negotiate it – which is quite ironic,” he said. “So, I go and speak to these smaller law firms who have been buying cyber insurance for a number of years (because they’ve realized it’s not a professional liability exposure; it’s a data exposure) and I have to tell them, months in advance of their renewal, that their premium is going to shoot up.”

“I had one law firm client whose premium went from about $4,000 to $36,000. So, I remarketed the account, which led to all of these questions coming back from different insurers about cyber security controls. So, that client had to very quickly work with IT security firms and managed services security providers to get their house in order as quickly as possible and become a more attractive risk. And that’s a challenge too, because a lot of times, you can’t do that very quickly.”

Bourk notes the problems that law firms face: “Then you’ve got the office manager of these smaller boutique law firms trying to balance: ‘If I hire somebody to help me with pre-breach preparedness, or if I buy all of these security tools like endpoint detection and response or a privileged access management system, that’s going to cost me $30,000 too. So, what should I do now? Do I need the insurance piece?’ And they have to grapple with all that in a pretty short, condensed timeframe,” Bourk said.

In the case of the client who had a $4,000 to $36,000 rate increase, Bourk found an insurer who acknowledged the law firm’s cybersecurity enhancements efforts and its risk mitigation – even though they weren’t fully implemented by the time they needed the policy – and their final premium was increased to just $9,000.

“My team at HUB does a lot of larger, complex risk placements – and for those firms, we have to say: ‘You can start from the premise that your deductible is going to go up twice, your premium’s going to go up by 100%, and you’re going to get half the limit you had before,’” Bourk explained.

It is no different in the U.S. Law firms are struggling to get quality cyberinsurance at a reasonable price. What we have learned is that it is all about the broker. If your broker is not proactive about working with your firm to educate you about the new expectations from carriers and constantly updating you about the changes in cyberinsurance, you’ve got the wrong broker. If the broker isn’t giving you multiple options and constantly scouring the ever-changing marketplace for the best coverage at the best pricing, you’ve got the wrong broker.

A law firm’s best option, if it is unhappy with its cyberinsurance and its broker, might be to ask other law firm leaders for the names of insurance brokers they would recommend.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225, Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson

Sharon D. Nelson, Esq.
President

Subscribe in a Reader

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Ride the Lightning

Law Firms: A “Fully Radioactive Form of Risk”

Subscribe for More!

Recent Posts

Listen to the Podcast

Disclaimer