Sep. 19, 2016
The Baker Hostetler Law Firm, a recognized expert on regulatory and legal consequences of data breaches, has released its 2016 Data Security Report titled, Is Your Organization Compromise Ready? In the 300 incidents handled by the firm in 2015, phishing, hacking, and malware took the lead, accounting for about 31% of incidents investigated. However, after analyzing the underlying issues that allowed the attacks to succeed, the findings showed that human error was a significant factor over half of the time.
The report is a must read for law firms that have yet to prepare for the eventual Cyber Security Breach with today’s sophisticated, ever-evolving cyber threats. The report highlights that one of the readily available weapons in a law firm’s arsenal to defend against cyber threats is Cyber Liability Insurance.
Cyber liability insurance policies give policyholders access to the latest in risk assessment and risk management resources. Those resources will help a law firm identify and address network and system vulnerabilities. Law firms have an ethical and legal obligation to protect the confidential digital information of clients and; being proactive and not reactive, is the difference between effectively and efficiently shutting down the cyber criminal.
The Baker report sites that a company's ability to get a forensic firm engaged quickly is key and found that the average amount of time from discovery until containment was 7 days. Below is a graphic of the incident response timeline. Cyber Liability Insurance allows a firm to work immediately with predetermined “privacy counsel” and forensic investigators.
The Baker report also found that with effective forensic investigation, not every incident results in notification or “public awareness”. Approximately 40% of the incidents Baker investigated in 2015 did not require notification. Two of the most common reasons notification was not required were (1) because the information at risk did not meet the definition of “personal information" and (2) a forensic investigation determined that there was no unauthorized access or acquisition of personal information. It was also pointed out that companies can most improve their cyber security exposure by:
Baker says: “Knowing with greater certainty what was at risk and having the ability to show that certain data elements were not affected often play key parts in a company’s dialogue with regulators and customers, and provide defenses in enforcement actions and lawsuits”.
Ready to get a premium estimate for your own Cyber Insurance?
Questions about Cyber Insurance and want to speak with an expert?
Cindy Wiedman, founded Wiedman Insurance Services, LLC (LiabilityPro Insurance Advisors*) August 1, 2014. Cindy is a Registered Professional Liability Underwriter (RPLU) and has designed and administered professional liability insurance programs over a 35-year career working for various insurance administrators in the Midwest such as Shand Morahan & Company, Kirke Van Orsdel, Marsh and Lockton Affinity.
*Currently working with investment advisory businesses domiciled in Iowa, Minnesota, Kansas, Illinois and Nebraska.