Insurance policies will have to make clear whether cover is provided for cyber-losses, under new rules agreed by the body that regulates solicitors in England and Wales.
According to the Law Society Gazette of England and Wales, the new clause outlining the extent of cover will be added to the minimum terms and conditions of law firms’ professional indemnity insurance (PII) policies.
Policies will explicitly mention cover for cyber-crime, and specify what losses fall within scope for a potential claim.
The minimum cover is for client and third-party protection: losses to the law firm (first-party losses), except for certain costs of investigating and defending a claim, are not covered, and firms can choose to purchase a separate cyber-policy for other risks.
The Solicitors Regulation Authority (SRA) proposed the additional clause after the Prudential Regulation Authority and Lloyd’s of London asked insurers across Britain to make sure they focused on losses arising from cyber-crime in all policies.
A consultation followed over the summer, in which the SRA worked with the Law Society of England and Wales, and insurer representatives, to create the new clause. Depending on approval from the Legal Services Board, the clause should be in place for renewals from early next year, the Gazette says.
Paul Philip, SRA chief executive, said that law firms were attractive targets for criminals.
“The clause on cyber-losses provides real clarity for consumers, law firms and insurers about client and third-party protection in the event of cyber-attack, without changing the amount of cover specified by the minimum terms and conditions,” he said.
The SRA says that the proposed change should not directly alter premiums paid by law firms, as claims for civil liability caused by a cyber-attack have always been considered to be in scope of a compliant PII policy.
Insurers can continue to offer stand-alone policies to law firms, but the regulator is not mandating that law firms buy separate cyber-insurance policies.