Cyber-crime is on the rise in Australia as criminals shift their attention to opportunities in the online world.
LPLC has observed that cyber-attacks cause significant disruption and losses to a law practice – not only the costs of investigation, IT remediation and getting a business back up and running, but also the losses of income and expenses incurred by interruption to a firm’s day-to-day business.
The LPLC Professional Indemnity Policy of Insurance provides cover to law practices for civil liability in connection with a firm’s legal practice and associated defence costs. Claims to which the LPLC policy responds usually involve a client alleging loss as a result of acts of negligence and/or breach of duty; in other words, claims brought by third parties against legal practitioners. Claims by third parties brought against practitioners for damages relating to cyber-crime also usually fall within the ambit of the LPLC Policy. However, the LPLC policy does not cover the firm’s own business losses (first-party losses), for instance the costs of interruption to the firm’s business, retrieval of electronic data, IT and other costs of remediating a cyber-security breach, and regulatory fines and penalties.
There are many existing and emerging cyber risks, and only some of them will be covered by LPLC’s professional indemnity policy. LPLC is aware that many firms have been looking for cyber insurance cover to supplement their other insurances.
LPLC has worked with Marsh, who have arranged a commercial cyber insurance policy, underwritten by Chubb, that will sit alongside LPLC’s professional liability coverage for firms. It is an optional cover which firms can choose to purchase.
Visit the Marsh website for more information about the policy. The FAQs on this page answer questions about cyber insurance and how the Marsh policy intersects with the LPLC Professional Indemnity policy.
Marsh/Chubb cyber insurance policy FAQs
Cyber insurance is insurance for the costs associated with data breaches, cyber-crime and cyber-related threats which cause damage through attacks against business information systems or which arise from the use of technology within organisations.
Cyber insurance has developed in response to the growth in cyber-crime and risks related to the collection and use of data as society becomes more digitally connected and technology-interdependent.
Cyber-related events result in both first-party and third-party losses. Cyber insurance responds to losses that are specified in the cyber policy.
First-party loss is loss suffered by the insured itself when a cyber event occurs. These are primarily expenses incurred by an insured to investigate, respond and remediate a cyber incident but can also include business interruption costs, loss of profits, regulatory fines or penalties, and ransom payments.
Third-party loss is loss suffered by clients or other parties resulting from a cyber incident which an insured caused to occur or had an obligation to ensure did not occur. These losses are generally the subject of a claim for damages or compensation by the client or third party, pursuant to a recognised cause of action such as a negligence claim, or an action for breach of confidentiality. They may also result in significant defence costs.
No, cyber insurance is not compulsory for law firms.
Only professional indemnity insurance is compulsory.
Although there can be some overlap, cyber insurance and professional indemnity insurance are different types of insurance.
Yes, LPLC’s policy does cover certain cyber risks. LPLC’s broad professional indemnity policy includes cover for damages/compensation claims in connection with the firm’s legal practice arising from cyber-related events.
Examples of cyber-related claims covered by LPLC’s policy include:
- compensation claims for breach of confidential information or breach of privacy
- damages claims for defamation committed online
- claims for loss of client funds through business email compromise (i.e. email hacking by fraudsters redirecting settlement money).
However, LPLC’s professional indemnity policy does not cover a firm for its own losses arising from cyber-related events or for regulatory prosecutions, fines or penalties.
The Marsh/Chubb cyber insurance policy is an optional insurance policy available for law firms to purchase (through Marsh, international insurance brokers) to insure themselves against the specified cyber risks covered by the policy.
The policy is underwritten by Chubb Insurance Australia Ltd (ABN 23 001 642 020; AFSL 239687).
Marsh have negotiated with Chubb to arrange the policy wording and premium rates.
Marsh is offering the policy and premium rates to law firms who have their professional indemnity insurance policy with LPLC, and the policy wording is tailored accordingly.
Cyber incidents are a growing threat to law practices. In recent years many law firms have experienced cyber incidents such as ransom attacks, denial of service attacks and other network breaches causing business interruption, incident-response costs and reputational damage to firms unable to respond quickly and effectively.
LPLC’s professional indemnity policy covers claims made against the firm for compensation or damages arising from cyber incidents but it does not cover a firm for its own costs to investigate, respond and remediate a cyber incident or for business interruption costs, loss of profits, regulatory fines or penalties, and ransom payments.
With cyber-crime on the rise, many law firms have been looking to buy additional insurance protection beyond LPLC’s professional indemnity policy. There are several commercial insurers offering cyber insurance, but the Marsh/Chubb cyber policy has been tailored to sit alongside LPLC’s professional indemnity policy.
LPLC is not receiving any remuneration in relation to the Marsh/Chubb cyber insurance offering for law firms.
What does the Marsh/Chubb cyber insurance policy cover and how does it interact with LPLC’s professional indemnity policy?
The Marsh/Chubb cyber insurance policy is a separate (optional) policy to LPLC’s (compulsory) professional indemnity policy.
It is available for purchase through Marsh insurance brokers.
The Marsh/Chubb policy covers specified cyber-related first-party losses incurred by an insured firm. The LPLC policy does not cover first-party cyber losses.
The Marsh/Chubb cyber policy also acts as an excess liability insurance policy sitting above LPLC’s professional indemnity policy in relation to specified third-party cyber liability risks as detailed in the Marsh/Chubb policy wording.
Where the Marsh/Chubb cyber insurance policy sits above LPLC’s professional indemnity policy in relation to a claim for third-party loss, it will respond in accordance with its own policy terms and conditions.
Full details of cover under the Marsh/Chubb policy can be obtained from Marsh.
There is no alteration in cover under LPLC’s professional indemnity policy for any practitioner or firm who elects to purchase the Marsh/Chubb cyber insurance policy.
Chubb has arranged a 24/7 cyber incident response hotline with Clyde & Co Lawyers. The hotline will receive all notifications of claims and circumstances under the Marsh cyber insurance policy and act as a breach coach to provide immediate incident co-ordination to insured firms.
For more information about the notification of claims under the Marsh cyber insurance policy visit the Marsh website.
Yes. Various cyber insurance policies are available for purchase in the commercial insurance market and firms must make their own assessment of the cover that is best suited to their circumstances.
No. Practitioners and firms must make their own assessment and seek their own advice about the Marsh/Chubb cyber insurance offering.
LPLC’s statutory function is to provide professional indemnity insurance to law firms in accordance with Part 4.4 of the Legal Profession Uniform Law.
LPLC is not authorised to deal in other general insurance products or financial products or to give financial product advice.