By Sharron Bauer bio
What do you think is the most costly claim your law firm could face? A malpractice claim? Nope. A slip and fall? Wrong again. Give up? A data breach! I can hear you now: Are you kidding me?
Yes, that’s right. The most costly claim your firm faces is probably NOT going to be:
- a grievance filed or a claim against your Lawyers Professional Liability (or Malpractice);
- a slip and fall in your office by a client or delivery person (covered by your General Liability or Business Owner policy); or
- a loss of income due to a fire because you cannot utilize your office space to meet with clients, (which again, should be covered by your Business Owner Policy).
Why? Because, most likely, your firm is already insured and protected for these types of losses. (If it isn’t, we need to talk about that too.) The most you’ll be held financially responsible for is your deductible when it applies (unless the loss is higher than the limits of the policy, i.e., you are under-insured).
With a Data Breach, whether via paper files that don’t get shredded, a lost laptop, stolen cell phone, email sent in error, or someone hacking your server or a third party cloud based software, all costs—remediation, liability, fines, and penalties—associated with complying with state and/or federal laws pertaining to the data breach, rest solely with your law firm.
Again you ask, why? Because in all likelihood, your firm is not protected from this type of loss. But it could be, with the right Cyber or Privacy Liability policy. And compared to the possible loss your firm could suffer, it’s pretty inexpensive.
The average hard cost of responding to a data breach, including the investigation, notifying clients, credit monitoring, etc., is $195 per record. This doesn’t even include liability and fines or penalties for not complying with state or federal laws.
But, you say, this type of thing only happens to Target or Home Depot, not my firm, and not anyone I know. And here’s where you may be wrong, because of two alarming statistics:
Statistic #1: Approximately 50% of all data breaches are the result of employee errors, such as:
- putting files that were supposed to be shredded in the wrong box and instead ends up as someone’s dumpster dive night;
- E-filing and un-redacted information;
- a stolen laptop or brief case with client information;
- emails with spreadsheets of employee medical and insurance info sent to the wrong email address; or
- the biggee: stolen cell phones with access to email accounts (do you really think a 4 digit pin will keep it from being accessed?).
Plus the fact that whatever you send in an email, text or by electronic means is not guaranteed to stay private or confidential (remember SONY?).
Statistic #2: 71% of cyber hacking is being directed towards small to medium size companies because they are considered easier prey. Within that, companies with confidential medical information are being singled out in particular, because this information sold on the black market, yields much higher profits, than regular Personal Identifiable Information (PII). Add to that, case files full of medical, financial and PII, and you are a target.
You are not alone; 48% of small business owners do not have a strategic approach (Cyber Security Plan) in place to keep their business secure. But you can do better and protect the company you have worked so hard to build. A Cyber or Privacy Liability Policy—the right one—should be part of that plan.