Law firms’ cyber security plans becoming number one issue for indemnity insurers
Brown: firms need to examine whether extra layer of cover needed
Cyber security is becoming a central issue for professional indemnity insurers, and firms will in future need to demonstrate what protections they have against cyber criminals before they are offered cover, a leading broker has predicted.
Speaking at the Legal Futures Regulation & Compliance Conference in London last week, Richard Brown, an executive director at Willis, said the issue of cyber security was fast becoming the “number one” issue of underwriters.
Third-party losses from cyber security breaches were covered under indemnity policies, he said. “I think more and more insurers are going to be looking at you to tell them what you are doing about cyber and your cyber protections.”
He added: “There is ‘phishing’ going on to get you to make payments on a Thursday afternoon, or a Friday. We’re even hearing about internal e-mails that are phishing e-mails, that look like they are being sent from one partner to the finance director, authorising payment.”
On other issues, he described the new ability of firms to move their indemnity insurance renewal dates as useful mainly for larger firms, saying that smaller firms would benefit from the scale involved in many firms buying insurance at the same time. “For the majority of firms, they are probably better served in the bulk buying spike”.
He said the outcome of last year’s attempt by the Solicitors Regulation Authority to cut the minimum level of professional indemnity insurance to £500,000, which in November was rejected by the Legal Services Board, had preserved one part of a two-part proposal – that firms assess the appropriate level of cover themselves.
“So what you ended up with was a knock back on the level of cover, which remains at £2m or £3m. But what they then did agree is that you must assess the level of cover appropriate for your firm. That has gone forward and now has become part of your regulation.
“So… you now have to… demonstrate… that you have actually considered what level of cover is appropriate for your firm… That is something you’re going to have to think about and perhaps pay more attention to than you have in the past and consider whether you should be buying excess layer insurance.”
He observed that the trend in more firms buying insurance from rated insurers had led to around 1,250 firms switching – about half of all the firms previously insuring with unrated companies. He said he expected the trend to continue.
Overall, Mr Brown concluded that the indemnity market was “pretty steady” and that premiums had not risen, even though fee income to the profession as a whole was rising. “We saw plenty of firms that were allowed to increase their fee income by 10-15% without any impact on their premiums… We see no reason why that won’t continue this year.
“We are seeing a pretty benign market. We are seeing some new entrants, some extra capacity and it is a classic supply and demand market. If there’s extra supply, the prices will go down or we’ll manage those fee increases.”
Tags: cyber security, professional indemnity insurance
Leave a comment
* Denotes required field