this product is unavailable for purchase using a firm account, please log in with a personal account to make this purchase.

Select from any of the filters or enter a search term
Calendar
Calendar

What is your cover for cyber attacks?

What is your cover for cyber attacks?

By Legal Practitioners’ Liability Committee

Innovation Technology 


Only some security risks are covered by LPLC’s professional indemnity insurance. Cyber security risks should be at the forefront of practitioners’ minds in this current environment. These risks come in many forms and only some of them are covered by LPLC’s professional indemnity insurance policy. In essence, the policy covers any civil liability resulting from a claim made against a practitioner by a third party in connection with the firm’s legal practice and any defence costs associated with that claim. Any claim that a practitioner makes on the policy must be considered on its merits and subject to all of the terms and conditions of the policy. Set out here are claims likely to fall within the scope of the insuring clause and those which are not. Fake emails The example described by Simon Kerr (p19) has happened to more than one firm in the last couple of years. See LPLC’s bulletin Cyber security breach – claims caused by fake email which lists the steps that firms and individual lawyers should take to avoid these claims. Any money paid to a fraudster as a result of a fake email will be covered by the policy as the client will be seeking to recover the amount from the firm. A new variation on this scenario is the fake email coming from the firm to the client instructing the client to deposit money in the fraudster’s account. To avoid these claims firms should have a policy of not emailing payment details and tell clients about that policy at the start of every matter. Alternatively, tell clients that if they receive an email from the firm containing payment details, they should call the firm to verify. Ransomware attacks Cyber attacks that shut down a firm’s computer system and interrupt the productivity of the firm resulting in lost income would not be covered by the policy. However, if, the shut-down resulted in the firm missing a deadline on a client matter and the client suffered loss, any claim for compensation by the client would give rise to a civil liability indemnifiable under the policy. If the firm paid the ransom to unlock its computer system, that payment would not be covered as it is not a civil liability. Similarly, any cost paid to obtain technical advice from IT specialists would not be covered. Loss of confidential information Where a cyber attack results in confidential client information being stolen there are different possible outcomes. For example, the use of the confidential information may result in the client suffering a loss. If the client claims that loss from the firm the policy will cover that claim. Or, the client may make a misconduct complaint to the Victorian Legal Services Board and Commissioner for allowing the confidential information to be disclosed. That complaint is not covered by the policy unless the complaint also includes an allegation of negligence and a claim for compensation. n Contributed by the Legal Practitioners’ Liability Committee.

The content you are trying to access is exclusive to LIV members*

To access your exclusive member content please click the 'Already a Member' button below and you will be redirected automatically.

Not a member but would like to find out about the value of LIV membership? Click the 'Become a Member' button below or call our membership team on (03) 9607 9470.

*Note that some content may be exclusive to specific types of members. If you would like to inquire about your access please contact the membership team on (03) 9607 9470.