1 min read
Cyber Security Month Round Up
October is National Cyber Security Awareness Month. To get you on the right track, we’ve pulled together our favorite cyber-related podcasts from...
We've crafted solutions tailored to your firm
The world of insurance for law firms can be confusing, and difficult to navigate. We've created this glossary because these common insurance terms should be easy to understand.
8 min read
Mark Bassingthwaighte, Risk Manager : Feb 21, 2018 12:00:00 AM
There are two types of businesses – those that have been hacked and those that don’t know they’ve been hacked. This may sound like hyperbole, but it’s fairly accurate and many of those businesses are law firms. So you may ask yourself, how do I protect my law firm from a hack? Mark sits down with ALPS Director of Client Services, Matt Lubaroff, to discuss how ALPS has improved ALPS Cyber Response, our first-to-market cyber policy available exclusively to our legal malpractice insurance policyholders and designed to stay ahead of emerging cyber threats.
ALPS In Brief, The ALPS Risk Management Podcast, is hosted by ALPS Risk Manager, Mark Bassingthwaighte.
Transcript:
MARK:
Welcome to another episode of ALPS In Brief. I’m Mark Bassingthwaighte, the Risk Manager at ALPS, and we’re recording here at the historic Florence Building in Missoula, Montana. I’m very pleased to have as our guest today Matt Lubaroff, the Director of Sales, Marketing, and Customer Service here, and today we’re going to talk a little bit about cyber insurance.
Matt, in terms of over the years of my experiences consulting with lawyers, conducting risk visits and these kinds of things, it’s somewhat common for lawyers to have this belief that we’re not big enough in terms of our firm, in terms of size. We’re not going to be on the radar of hackers and these kinds of things. I guess, would you agree or do they face a problem that they really need to be concerned about? Do you have some thoughts on that?
MATT:
Yeah. Thanks, Mark. I would not agree. Maybe 10 or 15 years ago, it was probably the case because hacking was new. We didn’t know what ransomware was. We didn’t know what clicking on click links were and how that impacted us. But it’s evolved into probably one of the most sophisticated industries out there, where some of the best technological minds unfortunately are using their skills for evil and not for good. So it really becomes a matter of when any business, but specifically law firms, will get hacked. Not a matter of if.
MARK:
Yeah. I love … there’s a … the FBI has put all kinds of information out there, but for law firms and businesses in general, and there’s a great quote from one of the FBI guys. It’s been maybe a year or so, but he basically said there’s two types of corporations in the world. Those that have been hacked and those that don’t know they’ve been hacked.
MATT:
Yeah. It’s accurate. We all click on things, and go, oh, I didn’t mean to do that. But it’s a little too late at that point.
MARK:
Well, and I absolutely agree with you, in terms of regardless of size, that law firms have a significant risk. Can we talk a little bit about solutions. What kind of solutions can we bring to the table and help with here?
MATT:
Well, there’s really two types of solutions that I suggest. One, of course, is insurance. Lawyers are trained in ways to manage their own risk. They go to law school not just to learn the substance of law and how to provide services to the community, but they also spend a lot of time in risk management techniques. They build practices that are successful. They build practices that help in our community, and the majority of lawyers out there are purchasing malpractice insurance in case a client sues them. But not enough lawyers and not enough law firms are buying cyber insurance.
One way to prevent something is to purchase a product that will protect you should something happen. Because accidents do happen. The other one that’s probably just as important is training. Employee training. Some of that comes from understanding, is how to prevent a hack. What are systems, both technical and people-wise, that you can put in place to make sure that you are up to speed with techniques that will prevent that hack from happening in the first place.
MARK:
Right. A lot of what I do … I try to talk, whether it’s again consulting or lecturing, I try to talk about the necessity of, if you will, securing the human. Now that certainly is frontline defense. But this other piece of the insurance is absolutely essential and necessary, because again, it just … a naïve, innocent misstep, clicking on the wrong link, opening the wrong file or attachment or these kinds of things can lead to just devastating consequences.
Now for some time, ALPS has brought to the table, if you will, for our insureds, a basis cyber insurance policy, but we are just launching now a new product. Can you explain and share where we’re going with this type of coverage?
MATT:
Yeah, Mark. Happy to do so. We’ve tried to also adapt with the times. We’ve had the cyber policy available to our law firms for low per lawyer cost and lower limits for several years now. As our hackers have become more and more sophisticated … we’re all familiar with malware and ransomware that have become more and more popular, both on TV shows or in just the unfortunate press of everyday life. We’ve increased that coverage to provide more of that protection. Also expanded the liability coverage to handle really three different ways of providing the coverage.
MARK:
Interesting.
MATT:
There’s one set of limits is available for that indemnity or kind of make yourself whole. So if you get hacked and there’s a cost to you as a law firm, there’s one aspect of the policy that provides that coverage. But there’s two other towers or layers of coverage that we’ve included in the new policy that are just as important, if not more important.
One is that prevention. The response to the hack or to the privacy breach. We need to figure how it happened, where it is within your computer systems and how to prevent it from happening again.
MARK:
This is dealing with some of the forensic teams that come in and the costs associated with that.
MATT:
Yes.
MARK:
Right, okay.
MATT:
The third one is … I think you were telling me in an earlier conversation that 47 of the 50 states have-
MARK:
Breach notification.
MATT:
… breach notification laws and requirements.
MARK:
Right, right, right.
MATT:
And so there’s an available limit of liability should there be some notification requirements within that breach.
MARK:
Yes, which can be very, very costly. A lot of people don’t understand what did these regulations mean? For example, it’s not in terms of the breach notification regulations that you’re subject to. It’s not where the breach occurred. It’s where anybody impacted by the breach resides. When you think about law firms that have clients and all kinds of other people in their databases that cross these borders, this can get costly quickly. It sounds like we’ve got a wonderful product here at-
MATT:
Yeah. The thing is, is these are very complicated situations.
MARK:
Yes.
MATT:
Let’s just take the situation where a firm has ransomware. Ransomware is defined as your data is now encrypted, and the only way for you to get back your data realistically is to pay the ransom. If you think of how a typical cyber policy might respond is you have a payment of ransom. That’s cyber extortion. You have the forensic investigation which is that breach response, that second tower, so to speak. Then there’s the expense to restore the data from the backup that hopefully you have. That’s data protection.
Then you’ve got a loss of business. There are hospitals, stories of businesses that have had to shut down completely because what they need they can’t get to. So that’s network business interruption. Then you have the response, to your point, to the regulatory inquiries. You need an expert to navigate through that. You don’t want to do it poorly. You don’t want to do it too quickly, but you have to make sure that you follow the letter of the regulatory laws.
And then you have these individual third party claims where it wasn’t your data. It was somebody else’s data that maybe you’re in care or control of, and that third party, that other group, has been impacted by that data being stolen or lost, and there’s susceptibility for claims there.
MARK:
Okay, wow! You convinced me when I started to think through all of these different exposures and you think at times initially, oh, I get hacked and you just bring … this is pretty complex stuff and spins out in all kinds of directions. I love it. You convinced me, and I hope many of the folks listening to us, of the value and need for a product like this. Can you share a little bit about okay, I’m an ALPS insured. How do I get this? What are my options? How do I go through this process?
MATT:
Well, one of the things that we’ve aimed to do is make it as easy as possible for you. When you have your quote, when you’re accepting your ALPS policy-
MARK:
We’re talking about the quote for the legal malpractice coverage.
MATT:
Yes.
MARK:
Okay.
MATT:
When you’re being quoted or accepting your lawyer’s malpractice insurance, you automatically have the ability, with no application, to accept our low limit, low cost charge per the attorney, right around $50. You don’t need an application. Just accept it, sign, pay-
MARK:
That makes it pretty easy. Yeah, wow!.
MATT:
… done. We have some different limits-
MARK:
Nice.
MATT:
… based on the firm size, but there’s no extra effort required. We also are very, very happy to offer limits up to a million dollars, which if you think of the susceptibility of data and how quickly things can happen and spiral out of control, the ability to secure your data and have response services available to you for up to a million dollars of limits is also important. There’s no application required.
However, we do have some risk management suggestions that we can help you put in place to make sure that there’s no … we can continue to proceed, get you those limits, protect your law firm. They’re a little bit more expensive. We have some minimum premiums and higher per attorney costs, but what I can say without any concern is that it’s the easiest process, the lowest cost, and I’d argue, probably the best policy out there in the marketplace.
MARK:
Yeah, yeah. And it’s my understanding this policy’s the first out there to be designed, written intentionally, or directed at law firms. Am I correct about that?
MATT:
You are correct. We’ve partnered with Beazley, United States and Beazley London, who’s probably the leader in this space as it is anyway.
MARK:
Yeah. Absolutely. Yeah.
MATT:
And they worked with us to provide a custom form, custom policy and custom process specifically for the ALPS lawyers book.
MARK:
Yeah, yeah. Well, I appreciate your sharing all this, Matt. From my perspective as a risk guy, and just an individual living in this crazy world, this is a screaming deal, as I see it. Personally, I’m not trying to tell everybody to go out and buy these policies in the sense … but how can you afford not to do this? When you look at the frequency of the attacks, the severity of these kinds of attacks, and it seems like you guys have really done a great job of putting a fantastic policy together that covers all these things. We’ve made it as easy possible. Just wow! Well done. Job well done. Do you have any final thoughts before we wrap this up, Matt? Anything else you’d like to share?
MATT:
Yeah, I would just encourage folks to talk to their account manager if they’re an insured, if they’re in the process of applying with any type of insurance, specifically lawyer’s insurance. Make sure they’re asking about this. It’s really a shame. It’s unfair when businesses or law firms get hacked. It’s scary because there’s people out there smarter than us that are coming up with ways more devious than we could ever imagine to get access to that data, and we all deserve to have our data protected. We all deserve to have experts by our side who are helping us prevent it and walk alongside that path to recover, should a hack happen.
MARK:
And a closing thought that I would have, just as, again, coming at it from the risk perspective, is we are charged with protecting the confidences of our clients. I just think even as a consumer … you and I suspect, in terms of just statistically, are victims of the Equifax breach. I have some feelings about Equifax that are not the most positive things right now. I just encourage all of you listening out there to appreciate, too. If you ever are breached and don’t have this type of insurance out there and can deal with this in a responsible way, how do you think your clients are going to respond? I just invite you to look at it from that perspective, too. It’s another way to come back and say I just don’t understand how you can afford not to do this. How you get to that point.
Well listen, Matt, as always it’s been a pleasure. Thank you.
ALPS In Brief Podcast Intro/Outro Music: Walk In The Park by Audionautix is licensed under a Creative Commons Attribution 4.0 license. https://creativecommons.org/licenses/by/4.0/
Artist: http://audionautix.com/
Since 1998, Mark Bassingthwaighte, Esq. has been a Risk Manager with ALPS, an attorney’s professional liability insurance carrier. In his tenure with the company, Mr. Bassingthwaighte has conducted over 1200 law firm risk management assessment visits, presented over 600 continuing legal education seminars throughout the United States, and written extensively on risk management, ethics, and technology. Mr. Bassingthwaighte is a member of the State Bar of Montana as well as the American Bar Association where he currently sits on the ABA Center for Professional Responsibility’s Conference Planning Committee. He received his J.D. from Drake University Law School.
1 min read
October is National Cyber Security Awareness Month. To get you on the right track, we’ve pulled together our favorite cyber-related podcasts from...
14 min read
In this episode of ALPS In Brief, Mark and the founders of Sensei Enterprises discuss cybersecurity options and support for solo and small law...
15 min read
On this special Valentine’s Day episode of ALPS In Brief, Mark sits down with Joshua Lenon, lawyer in residence and data protection officer for Clio