CYBER CRIME – A LAW FIRMS OBLIGATIONS FOLLOWING CHANGES TO THE SRA PRACTICE NOTE

Attention Law Firms!  The SRA have recently released a practice note giving instruction (not just guidance) on how it wishes firms to react to cyber attacks in the wake of the breach of the security protocols of CTS, and it’s effect on the legal sector.   It emphasizes the need for law firms to frame their cyber security in terms of their obligations to clients and the firm, and that any significant breach of the firms protection should be reported.

Did you know that;

  • One of the things that cyber Insurers offer to their customers is an emergency triage service that acts immediately to recover client money if it has been intercepted (if it is not too late). Professional firms specialize in tracking and recovering funds and work alongside Insurers to do this.
  • With Cyber Insurance, where a firm has to notify the data commissioner of a leak, there is protection in place in the event that the management team are called to account on any regulatory matter
  • The policy, if purchased, will also assist with the inevitable reputational issues which occur where there is a wider loss of client funds, and where often firms struggle to survive as a result of a loss of confidence

Policy wordings vary and some Insurers will exclude pre existing viruses lurking in their systems prior to going on cover, so we would advocate speaking to a knowledgeable broker who can help with the scope of coverage.

Having a cyber policy in place is crucial for any business. Not only does it demonstrate to the SRA and the ICO that cyber risk is high on your agenda, but it also shows that you are taking the risk seriously. The financial protection provided by the cover is just the beginning – the services that accompany it offer additional strength to your risk management. Protect your business and show your commitment to cyber risk management by implementing a robust cyber policy today

QPI – quality, professionalism, integrity.

January 2024