“From a cyber security perspective, law firms have long been considered the soft underbelly of professional services firms, though we have seen many larger firms investing more in cyber security following incidents like the Panama Papers leak. The interplay of Cyber, Professional Indemnity, and Crime insurance policies has never been more important than in the current environment of ‘Fake CEO’ style attacks, which often rely on a combination of social engineering and hacking to create a sense of realistic urgency around a fraudulent payment request.
“The NCSC report also highlights the importance of preventing email hacking fraud, in which cyber criminals change the bank details so that payments are diverted. Law firms should carefully examine their insurance portfolio to ensure that they understand if this is a loss that will be paid or not. Law firms also need to remain vigilant and ensure all staff are suitably trained to spot ‘Red Flags’ indicating suspicious behaviour.
“If, following a breach, it is found that appropriate checks and measures were not implemented to manage this risk, controlling partners could be held to account in their management capacity. This would fall outside of a firm’s Professional Liability cover and be an unpaid loss unless Directors and Officers cover is in place.”