Plans by the Solicitors Regulation Authority (SRA) to add a new cyber-losses clause to professional indemnity insurance (PII) policies could force some law firms to close, the Law Society has warned.
President I Stephanie Boyce said these were likely to be smaller firms and those involved in conveyancing, which “could have implications for diversity within the profession”.
The SRA launched a consultation last month on adding a new clause on cyber losses to the minimum terms and conditions of insurance to provide “absolute clarity” for firms, insurers and consumers, without reducing consumer protection.
The regulator said with cybercrime a growing threat, the Prudential Regulation Authority and Lloyd’s of London were concerned that some policies were not specific enough about which cyber-related losses were covered and wanted insurers to be more explicit.
The new clause retains cover for third-party losses but continues to exclude any losses that only affect law firms. The SRA said the change should not impact premiums as it was not changing the scope of cover.
The Law Society said that it supported the “thought and effort” the SRA had put into the proposals and accepted the need for greater clarity.
However, it could not support them because it had “significant concerns about the possibility of coverage disputes”.
The Law Society said it could envisage some circumstances where the explicit exclusion of cyber-related claims from a firm’s mandatory PII could result “in a diminution of client protection”, and in rare cases create a substantial risk to consumers.
One “unintended consequence” of the new exclusion clause could be that it would compel firms to purchase cyber insurance from the same underwriter that provides their PII, Chancery Lane said.
“They may feel that they have to do this to avoid the danger of coverage disputes, or situations in which a slow or inadequate response from an independent cyber insurer results in a claim against their PII policy that could otherwise have been minimised or avoided entirely.”
This would “further limit” the insurance options available to solicitors.
“Policy changes that have the effect of narrowing the availability of cover should be avoided at all times, but during a hard market they represent a serious risk of pricing out otherwise good firms.
“These firms would then be placed in the invidious position of operating with cyber insurance which they reasonably fear may be inadequate, or without cyber cover entirely.”
The society said some firms “may even be forced to close” if they felt they could not purchase cyber insurance; though not mandatory, “they may fairly regard it as necessary in order to maintain an ‘adequate and appropriate’ level of cover”.
Ms Boyce said: “These pressures will likely affect smaller firms and those operating in areas such as conveyancing more than larger firms, as they may be likely to experience more serious restrictions of their already limited options.
“This could have implications for diversity within the profession, as well as posing concerns about access to justice in communities that may already be underserved.
“Unless these issues can be resolved, the proposals set out in this consultation would present substantial new risks to our members and the consumers of their legal services.”
The Council for Licensed Conveyancers has issued a similar consultation. The range of cyber-related risks covered by its suggested clause include problems with accessing systems, “unauthorised, malicious or criminal” acts, the receipt or transmission of malware, malicious code or similar, and internet failures.