If you’ve been conscious for 15 consecutive minutes or more at any point over the past five years or so, you’ve no doubt heard news about a major hack. It’s everywhere, extending even to domination of the presidential election campaign. Your business is at risk, your clients’ data is at risk, and you need to be involved.
Sure, but even the best laid plans can suffer the same fate of the great city of Constantinople – one unlocked door and your city has fallen! Fortunately, you’ve actually got the opportunity to protect your business in a way that the Byzantine Empire couldn’t – insurance. Specifically Cyber Liability Insurance.
There’s a lot to cyber liability insurance, so we’ll take this in several parts. In this part, we’ll be talking about the expenses you’ll likely run into in the event of a cyber-attack, and therefore need to ensure your cyber liability policy covers:
The 5 Major Expenses Your Cyber Liability Policy Better Cover!
1) Parachuting Professionals
You need an emergency response team. Think of them as a really nerdy version of Seal Team Six. Think I’m being overly-dramatic? Well, you’re right. However, you should be aware that most cyber liability claims that exhaust the policy limits do so covering the costs in this category!
If they can do this, imagine what they’ll accomplish when they land!
So, you’re going to need…
Forensic IT Specialists
You need immediate and effective analysis of your system to determine the size and scope of any breach, and professionals with the experience and training to eliminate any active threats to your system, limit the damage being caused by existing penetrations, and shore up your short-term defenses.
Legal Advisors (immediate)
One of the most critical (and coming soon, most litigated) roles you play when your law firm has been the victim of a cyber-attack is to be a “Paul Revere” to your clients. No, not an over-hyped historical footnote who we only know today because his name was easier to rhyme than any of the important people involved with the American Revolution (touché, by the way). You need to warn your clients and anyone whose personal information may have been stolen.
In fact, in 47 states (soon to be 50, so just deal with it), you have a legal obligation to notify those people within a specified period of time!
Your emergency response legal team will handle all of the immediate legal hurdles for you (or at least give you a plan). Listen to them. They know that you’re an attorney, and you might even know something about this whole cyber security thing. Remember, an attorney who represents him or herself has a fool for a client – even Clarence Darrow hired a criminal defense attorney. They’re here for a reason, let them do their jobs.
Public Relations
Yes, we all know that you’re a law firm, and therefore probably not on speaking terms with the general public. Doesn’t matter. One of the most important tools you have is your reputation. How did Steve Jobs convince Apple to bring him back, despite his actual track record of miserable failures? Everyone thought he was a genius – and because he was so good at managing his own press, he got the opportunity to prove that, after 25 years of failed products, he could re-package an MP3 player and use it to make Apple the most profitable company in the world.
Your reputation matters, and the information that gets put into the media WILL impact that reputation, especially in the local press.
Most importantly, the experience of being the victim of a cyber-attack is extremely stressful. While you’re stressed out dealing with the ramifications of a breach, let a professional handle all media contacts and set up a plan and a script for responding to angry clients or other inquiries. You’re in a bad spot, no reason to make it worse.
2) Compliance with Notification Laws
So your team of professionals have parachuted into your office and gotten your dumpster fire under control. They’ve also informed you that your state has a requirement for notifying people that their personal data may have been stolen. Your forensics experts pull all the information they can on what data was exposed, and give you a list. You then…? What?
Read the full post The Five Essential Elements of a CYA Cyber Liability Policy on the Logikcull Blog.
About the Author
Brian Focht is a civil litigation attorney and technology enthusiast. In addition to being the author of The Cyber Advocate, he is also the producer and host of the Legal Technology Review podcast, and co-founder of B&R Concepts, a small business technology consulting company.