A new report shows that more than seven out of ten law firms in England and Wales are still without cyber-insurance – despite rule changes in 2021 that expose them to potentially heavy losses if they suffer a cyber-attack.
The finding is contained in a report from the Law Society of England and Wales on trends in professional-indemnity insurance (PII), based on a survey of 600 law firms and sole practitioners that took out PII between November 2022 and February.
The Law Society Gazette of England and Wales says that the survey shows how the toughest market conditions for 20 years hiked operating costs at every size of firm.
The median cost of compulsory cover rose most at firms with between five and ten partners – a 23% rise to £140,000 in the last financial year. Sole practitioners saw a 15% rise.
Two dominate market
Since 2018, the cost of PII premiums as a percentage of turnover has almost doubled. Overall, the median cost of compulsory cover is up nearly a third on 2018, to £16,000.
Just two insurers now have over 40% of the market – Travelers with 28%, a doubling in market share since 2018, and Sompo with 14%.
The research also found that purchasing PII has become more difficult, while the level of risk for law firms has increased due to rises in the amount of conveyancing work and number of fee-earners.
The proportion of firms renewing on the traditional date of 1 October has fallen from 64% to 39%, while the median excess on claims is £5,000, with large firms paying much more.
Society President Lubna Shuja commented: “Although stability is returning to the market, the process of buying PII has become harder.”
Urging firms to consider buying cyber-insurance, Shuja pointed to official figures showing that 10% of businesses in Britain had experienced cyber-crime in the last 12 months.
“Considering how much more work is being conducted online post-pandemic, the low take-up is concerning,” Shuja stated.
The report from the solicitors’ organisation shows that one-third of firms thought about buying cyber-insurance, but did not go on to make a purchase. Almost 40% of firms did not even consider it.
In 2021, the Solicitors Regulation Authority revised its minimum terms and conditions for PII to make it explicit that any first-party losses (those affecting the firm rather than clients) resulting from cyber-attacks or other IT problems were excluded from cover.