Cybersecurity risks come in many forms and only some of them are covered by LPLC’s professional indemnity insurance policy.
In essence, the policy covers any civil liability resulting from a claim made against a practitioner by a third party in connection with the firm’s legal practice and any defence costs associated with that claim.
Any claim that a practitioner makes on the policy must be considered on its merits and subject to all of the terms and conditions of the policy. Set out here are claims likely to fall within the scope of the insuring clause and those which are not.
Fake emails
Email-based cyber-attacks are a primary way in which cyber-criminals breach law firm networks. Attack vectors such as Business Email Compromise, phishing, and malware delivery consistently remain top causes of claims to the LPLC.
Any money paid to a fraudster as a result of a fake email will be covered by the policy as the client will be seeking to recover the amount from the firm.
The typical scenario is a fake email, supposedly from the client, instructing the lawyer to deposit money in the fraudster’s account. To avoid these claims, firms should establish a strict procedure on how payment details are to be shared between the firm and client (preferably written in hard copy), and clients should be reminded about the procedure multiple times throughout the matter. The procedure for payment should include a ‘call before you pay’ step, and firms should ensure that everyone follows it any time a payment is to be made.
Ransomware attack
Cyber-attacks that shut down a firm’s computer system and interrupt the productivity of the firm, resulting in lost income, would not be covered by the policy. However, if the shut-down resulted in the firm missing a deadline on a client matter and the client suffered loss, any claim for compensation by the client would give rise to a civil liability indemnifiable under the policy.
If the firm paid the ransom to unlock its computer system, that payment would not be covered as it is not a civil liability. Similarly, any cost paid to obtain technical advice from IT specialists would not be covered.
Loss of confidential information
Where a cyber-attack results in confidential client information being stolen, there are different possible outcomes. For example, the use of the confidential information may result in the client suffering a loss. If the client claims that loss from the firm, the policy will cover that claim. Alternatively, the client may make a misconduct complaint to the Victorian Legal Services Board and Commissioner for allowing the confidential information to be disclosed. That complaint is not covered by the policy unless the complaint also includes an allegation of negligence and a claim for compensation.