OAMIC's Cyber Liability and Data Breach Endorsement

In 2010 the American Bar Association formed an Ethics Commission to address the technology topic in general.  This paper basically expressed concerns, but little or no solutions.

Some areas of concern expressed by the Commission included:

  • Unauthorized access to confidential client information (hackers, vendors, outside parties)

  • Unclear policies re:  ownership of data

  • Policies for notifying clients of data breaches

  • Policies for data destruction

  • Insufficient data encryption

  • Cloud computing services; storing or transmitting client’s confidential data

Clearly, Cyber-Liability is emerging as a concern in lawyers professional liability insurance.  It is an area of evolving exposures that are very real.  Yet, the majority of businesses, which include law firms are unprepared.  Some have said it is no longer a matter of if, but rather when a cyber related threat confronts a particular business.  We need to address this and there is no time like the present.

PricewaterhouseCoopers’ Forensic Services Group recently stated that law firms are more at risk than financial institutions to be breached.  Yet, cyber coverage for law firms is a big hole.  That is no longer the case for OAMIC Policyholders!!

Each OAMIC policy issued in 2013 will have a Cyber Liability – Data Breach Endorsement attached.  We believe this is an important part of overall protection and risk management for law firms.  We are proud to be the first insurance company embedding this coverage as part of our lawyers liability insurance policy.  Our next step is to develop risk management measures to combat these exposures.

I have to admit, for a long time I did not fully appreciate the many important facets of coverage required in order to construct a comprehensive cyber/data breach coverage form.  At first, I only thought in terms of the third party liability issue – probably because that is what we do.  As far as I’m concerned, this is still the most critical aspect.  However, it is arguably already covered in the OAMIC LPL policy; or at least not excluded.  Also, it makes great sense to create a sublimit, so that your main limit for LPL is not impacted by a data breach claim.  In addition, the Endorsement also provides very important first party coverages, i.e. you might very well need someone to forensically uncover why or how you were hacked; someone to advise and structure communication advising clients a breach has occurred; and mailing costs for that communication.

The OAMIC Endorsement provides the following:

  • Privacy Breach Response 

  • Legal Forensic (including credit monitoring)

  • Regulatory Defense and Penalties 

  • Crisis Management and Public Relations

  • Cyber Extortion 

It has been said that cyber risk is the current exposure that cannot be ignored.  An argument could be made that there is no excuse for not having the coverage and this could be said for the insurer providing, as well as the insured buying.  Thankfully, OAMIC and its policyholders no longer have to deal with that argument.