Cyber Attacks – The Why, The How and The Moving Forward

Following the recent Cyber attack which affected over 80 law firms last week, the subject is clearly one of much discussion.  Let us not judge but let us look at the facts of how and why cyber attacks happen and the steps which should be taken following such an attack.

So, why do cyber attacks occur?  Well, predominantly we know that many of the day to day issues are caused by human intervention in the law firm and therefore to some degree preventable.

What do law firms do wrong in these instances?  In many cases, for those with Cyber Insurance, they fail to tell their broker and insurer at the outset to trigger the emergency support function from the cyber insurers IT people who can help to stop it in its tracks and identify any further hidden problems. For those firms without cover, they have to react to the situation at the time when it impacts them most.

Does anything exacerbate the issue?  

Yes, many law firms give the GDPR function within their practice to a non-specialist.  Where this is the case often data breaches are not recorded properly which compromises the firm’s defence.

Another misconception is that law firms think that their IT providers will sort the problem but the reality is that they often can’t.

So, what should law firms do to ensure they are adequately protected after they have considered and implemented the measures set out above:

They should speak with a specialist broker who will ensure that they have a cyber security policy to protect them adequately.  Cyber policies are complex and vary considerably. For example, many Cyber Policies contain a clause that exclude pre-existing viruses so many insured firms try to claim but can’t because their broker hasn’t brought this to their attention.

Why should firms speak with QPI?

To ensure they understand the protection and how cyber dovetails with PII, to help in post loss situations where they need to get back on their feet again and also undertake damage limitation in terms of reputational matters. Because many brokers don’t communicate the detail and how it works, a firms cover is only as good as the quality of the broker who placed it.

Jonathan Cook

QPI – December 2023