Help Legal Professionals Understand Their Cyber Threats
Cyber risk is a rapidly evolving threat. As IBM’s recent Security Intelligence Report states, “Almost as fast as the cybersecurity industry releases new security tools, adversaries evolve their techniques to circumvent them. This year will be no different.”1
The prevalence of hybrid work can make those risks more difficult to manage: humans remain the biggest threat to an organisation’s cybersecurity, particularly now as we routinely migrate between home and office working environments with devices that hold sensitive data.
Law firms must be especially vigilant. Not only are they appealing targets for cyber crime, but they are also being held to account when cyber-attacks succeed. Last summer, the National Cyber Security Centre and the Information Commissioner’s Office made this clear when they reminded solicitors of their role in reducing ransomware, the biggest online threat to the UK.2
Managing this challenge calls for employees throughout a firm to have strong knowledge of, and adherence to, cybersecurity protections. It requires coordination well beyond the firm’s IT department.
“In a law firm, members of the senior leadership team must feel confident in approaching their cyber and finance teams about prioritising and paying for the appropriate cybersecurity protections,” said Sharon Glynn, Large Law Firm Underwriting Director for Travelers Europe. “Lawyers must be conversant in the cybersecurity threats faced by their organisations, clients and suppliers.”
Brokers can start the conversation
Cyber threats can be overwhelming. You can prove your worth to your clients and become an invaluable partner by providing ongoing education in plain terms. Helping lawyers stay abreast of evolving cyber threats empowers them to minimise the risk of cyber-attack and, if one should occur, to limit its damage.
First, law firms should review their existing cyber risks to identify potential vulnerabilities. This includes assessing how the firm stores and secures sensitive data, how that data moves throughout the business, and who can access it. What policies are in place to protect the business? How are employees currently trained about existing threats, and instructed to identify and report suspicious activity? And as firms have adapted their technology to changing working environments, have their systems and policies been updated?
Then a firm can fine-tune its technology controls and employee policies to enhance security. Increasingly, insurers are requiring business customers to have protections, such as multifactor authentication, in place as a prerequisite for obtaining cyber insurance cover. You can explain to your legal clients why that has become a necessity. According to the 2021 Verizon Data Breach Incident Report, 80% of data breaches involve the use of weak passwords or stolen credentials. Law firms looking for protection against cyber risks need to demonstrate that they are aware of and appreciate the threats. They must also show that they have made a commitment to reducing threats and be able to illustrate the steps they have taken. Part of this is setting up hurdles that make threat actors move on to easier targets.
Having the right protection for today’s risks
As cyber threats evolve, so too will the technology, employee practices and ongoing governance that businesses need to adopt in order for insurers to underwrite their risks. A firm should undergo stress testing on a regular basis to identify weaknesses in its cyber security, and then make changes. Throughout, you can help your legal clients assess and manage their risks, and then advise on additional protections.
This guidance can be especially valuable in deterring would-be cyber-attacks at a time when the UK is struggling with high inflation and stagnant growth. Such an environment can make businesses scrutinise their budgets and open windows of opportunity for threat actors.
“As long as businesses are being stretched, it’s natural for them to try to do more with less,” said James Doswell, Cyber Risk Manager at Travelers Europe. “But as cyber threats expand and evolve, protections need to remain a priority. By helping law firms make an objective assessment of their risks and clarify the protections they need, brokers can become critical partners to these clients.”
Visit Travelers to learn more about cyber risk management and insurance protections available to the legal sector.
The information provided in this document is for general information purposes only. It does not constitute legal or professional advice nor a recommendation to any individual or business of any product or service. Insurance coverage is governed by the actual terms and conditions of insurance as set out in the policy documentation and not by any of the information in this document.
Sources
1 https://securityintelligence.com/articles/cybersecurity-trends-ibm-predictions-2023
2 https://www.ncsc.gov.uk/files/Joint-ICO-and-NCSC-letter-to-The-Law-Society-and-The-Bar-Council-V1.pdf