The Realities of Cyber Threats

In today’s digital age, the threat of cyber theft and wire transfer fraud is more prevalent than ever. As we navigate through significant life events, such as buying a new home, it’s crucial to ensure that all aspects of the transaction are secure. This includes verifying that your wire transfers are protected by cyber insurance.

A Personal Experience from Don I.

Recently, my wife and I made the exciting decision to purchase a new home. Sitting at the closing table, a day that should have been filled with joy and celebration, I found myself distracted by a nagging concern: Does this transaction have cyber insurance coverage for wire transfers?

My wife noticed my unease and asked what was wrong. I expressed my concern to her and then to the closer, asking, “Do you have cyber insurance that covers wire transfers?” To my surprise, the closer didn’t know and had to check with a supervisor. Fortunately, they returned with confirmation that the insurance was in place, allowing me to relax and enjoy the moment.

Why Cyber Insurance Matters

The experience highlighted the importance of cyber insurance, especially in protecting against wire transfer fraud. Cyber threats are not just a distant possibility; they are real and can strike at any time, potentially turning a joyful occasion into a stressful ordeal.

Assess and Update Your Policies

Given the evolving nature of cyber threats, it’s essential to regularly assess and update your insurance policies. Here are some steps to ensure you’re adequately protected:

1. Review Your Current Coverage: Make sure to understand the specifics of your current policy. Does it cover cyber threats, including wire transfer fraud?
2. Ask Questions: Don’t hesitate to ask your insurance provider detailed questions about your coverage. If they can’t give you a clear answer, consider seeking a second opinion.
3. Stay Informed: Keep yourself updated on the latest trends in cyber threats and how they can impact your financial transactions and personal information.
4. Consult an Expert: An experienced insurance agent, like myself, can help you navigate the complexities of cyber insurance and ensure you have the right protection in place.

Final Thoughts

Buying a new home should be one of the happiest days of your life. Don’t let concerns about cyber threats dampen your joy. Take proactive steps to ensure your transactions are secure and covered by appropriate insurance.

Have any questions about the topic discussed in this article?

Contact us today at 412.563.2106 to discuss your insurance needs and ensure you’re protected against cyber threats. Remember, I’m Don I., your insurance guy, always here to help you safeguard your most valuable assets.

Spring will be here soon and usually during spring we do what is called spring clean ups or check up.  We look at the lawn mower, the weed whacker and car wash stuff all because Spring is a new start. 

In my world, the same holds true for insurance.  I like to review my policies and make sure I have what I think I have and make any tweaks that I feel are necessary to be properly insured. 

Knowing that most people renew or purchase a policy and stuff it away somewhere for the year, the spring check up might be a good idea for you.  Things I look at during my check up and you should too are:

1. Limits: are they sufficient?  Will there be enough there to protect you in the event of a claim.  Make sure you review both the per claim limit and the aggregate limit.  Aggregate being the total amount available during the policy year.

2. Deductible:  Are you comfortable with the current amount?  Will you be able to pay it when it comes time?  On paper 5 or 10k might not seem like a lot of money but during a claim sometimes money can be a little tight.  

3.  Defense costs:  How are they handled?  Are defense costs/cost of defense  included in your limits of liability or are they in addition to your limits?  If you carry lower limits, say 100k and your defense costs are included in that limit it may not take very long to go through the limit before the case is resolved.

4. Insureds: Make sure you know who actually is insured on your policy – you, your staff, independent contractors, of counsels, former employees.  It always good to know who is covered and who is not

5. Prior acts: Check and make sure that your prior acts coverage is correct.  We all know that claims can and usually do stem from professional services we performed prior to the start of your current policy period.  Make sure your policy contains prior acts coverage.

6. Effective date. Make sure your policy is current and that you didn’t miss the renewal date.  Sounds stupid but it does happen.  People just forget to renew or just put it off until it is too late.

So before you start to cut your grass or use the weed whacker make sure you have a new spark plug in place and give your LPL policy a check up too.  

At INf, we just finished recognizing the month of October as Cybersecurity Awareness Month. I hope you enjoyed the few educational videos that we were able to send your way.

Since then, a few of our clients have asked me to talk a little bit about whether a legal malpractice policy would cover a claim that was based on a cyberattack, data breach, or wire transfer fraud. So as a bonus to our October series, we’ll go over a few of these issues.

Cyberattack and Data Breach Claims

Let’s take a look at the cyberattack and data breach issues. My answer is going to be a pretty typical insurance answer in this situation—maybe. It might be covered based on the claim circumstances. My best guess is that if you submit a legal malpractice claim based on a cyberattack or data breach, it will trigger the coverage.

The carrier will review the claim issues and decide which issues are going to be covered and which issues are not going to be covered. I would believe that those issues that are typically considered legal malpractice issues are going to be covered, and those issues that are strictly considered cyber issues will not be covered. Now, your policy may have certain language that will provide a very limited amount and scope of coverage for some cyber events. So you might be able to glean a little bit of coverage out of your legal malpractice policy in that event.

Wire Transfer Fraud Claims

On the other issue of wire transfer fraud, my answer is going to be a little bit different. I don’t believe that most legal malpractice claims or most legal malpractice carriers are going to cover claims for wire transfer fraud. Most of the carriers and carrier personnel that I have spoken to believe that wire transfer fraud is theft. And a legal malpractice policy is not theft protection.

Perhaps a fidelity bond, maybe crime coverage, or a standalone cyber liability policy would be the better policy from which your coverage would come. Some legal malpractice policies even specifically exclude theft, wire transfer fraud, and bank transfer fraud.

Consider a Cyber Liability Policy

If you’re looking for coverage to replace the physical funds that are lost from a wire transfer fraud, my suggestion to you is to not depend on your legal malpractice policy to do so. I think you’ll be very disappointed. Which brings me to my last and final point: you need to seriously consider the purchase of a standalone cyber liability policy. It’s going to protect you against a host of exposures, like cyberattacks, data breaches, ransomware, phishing schemes, and so much more.

So if you really want to protect yourself, the office, and your client, the purchase of a cyber liability policy is the way to go.

These policies help protect you from the threat of hackers, data dumps, stolen passwords, ransomware attacks and more.  

It takes less than 5 minutes to fill out the application for this insurance.  Contact INF to get started at 412.563.2106.

You as lawyers have several choices when it comes to legal malpractice insurance.  My guess is all brokers selling this type of coverage will tell you that their policy or program is a good one.  But what exactly makes up a good program? 

Let me tell you what I think makes up a good program and distinguishes it from other insurance program or policies in the marketplace:

 1. A malpractice helpline or hotline for insureds.  This is important as it provides an outlet for the insureds to discuss the disciplinary or claim issue with one of their colleagues.

2. A library of risk management tools.  For example, sample copies of engagement letters, disengagement letters, samples of conflicts of interest checks and examples of docket control systems.  This can be web site based or hard copies

3. Risk Management classes and or videos that may or may not provide CLE credit

4. Comprehensive policy form that provides: full prior acts coverage, career coverage, broad definition of professional services, unlimited tail coverage endorsement and a free retirement tail when appropriate.  

5. An involved and experienced broker. Does your broker look like me, act like me, talk like me?  If not they should.  A broker is your connection to the carrier.  Likewise the broker is the carrier’s connection to you.  Education, dedication and commitment is a must. LPL is not a one size fits all, not even a one carrier fits all kind of product.

When searching for or reviewing your legal malpractice insurance program, you may not be able to secure everything I just mentioned but a good program will have most of them.

Well, welcome to July! Hard to believe July is already here. We at INtegrity First Corportation
recognize/celebrate the month of July as Legal Malpractice Insurance Awareness month.
Similar to September being Life Insurance Awareness Month and October being Cyber
Insurance Awareness Month. And what better way to kick off the month than a short
discussion on why malpractice insurance is so important. This fourth of July as we celebrate this
great nation of ours don’t be red white and blue. Be red white and insured or covered.

I personally believe that there is no better way for lawyers to protect themselves, their
practices and perhaps more importantly their clients! Everyone makes mistakes and lawyers
are not excluded from this fact. Some mistakes are small and insignificant and can be resolved
by the lawyer. Other mistakes however are more severe. They can cause harm to the client,
and affect the reputation of the lawyer. These claims/mistakes requires special expertise, legal
defense counsel and significant resources to resolve. This is where your legal malpractice
insurance coverage/program pays huge dividends.

Your coverage will provide the guidance and assistance throughout the process, provide for
defense counsel and settlement funds if needed. It also provides for a vigorous defense of you
protecting your reputation from those annoying frivolous claims that often times get filed
against you.

A good lawyers professional liability policy is worth its weight in gold! Make sure you have one!

Enter to win two FREE Steelers Tickets!

As we at Integrity First Corporation celebrate the month of July as lawyers legal malpractice insurance Awareness Month, we are honoring you, the lawyer, and offering you a chance to win two free Steelers tickets to an upcoming game during the 2023 2024 season.

Many carriers trying to be innovative or distinguish themselves in the Legal Malpractice marketplace try to add certain coverages to the policy hoping to get your business.  While any additional coverage is a good thing, sometimes the advertising and marketing of the additional coverages can cause confusion about the type and extent of the additional coverages offered.  

Some of the additional or ancillary coverages that carriers in the Legal Malpractice marketplace are marketing/providing are: Cyber Coverage, D&O Coverage, Fidelity Coverage and even some BOP coverage or business owners.  Again, the additional coverages are not bad to have but they should not be thought of as complete coverage for that type of exposure.  All of these ancillary coverages are just that – ancillary. Don’t be fooled in thinking that the ancillary coverage is all you need for those exposures.  The ancillary coverage will provide minimal coverage in terms of depth and limits.  

For a more comprehensive coverage with broad depth and adequate limits, you should consider a standalone or separate policy for each of the exposures that exist in your firm.  Although buying separate policies for cyber, business owners, and crime coverage will add to your outlay of cash it should provide adequate protection for you and the firm in the event of a claim or loss.  Notice I did not mention D&O coverage, if you sit on a non profit or for profit board you definitely need to check with that entity and confirm that they do have an inforce policy that protects you in your position as board member.  

Don’t depend on your Legal Malpractice policy to act as a cover all policy.  It’s not!  It’s great to have supplemental and ancillary coverages in the legal malpractice policy but it is a mistake to believe these types of coverage will provide the coverage needed in a claim situation.  Investigate standalone policies. 

Time doesn’t stand still and we are not getting any younger.  At least I’m not.  Eventually we all will at some point retire.  As lawyers in the private practice of law, you need to prepare for retirement from an insurance perspective.  

When you retire, you want to make sure that you take the proper steps to maintain the coverage you paid for in all the years prior.  You do this by securing what is known as tail coverage referred to as an Extended Reporting Provision.  Tail coverage will allow you to report future claims filed against you stemming from professional services you provided to clients prior to your retirement.  Hence the term tail coverage.  

Tail coverage is an essential piece of your retirement plan and it is not inexpensive (cheap).  The cost of tail coverage is usually based upon a percentage of the last premium you paid prior to retirement.  Cost can be upwards of 300% of the last premium paid. For example if the last premium you paid for your policy prior to retirement was $2000, your tail coverage could cost as much as $6000. 

It is important to note and to plan for that most carriers will offer a free retirement tail providing that you satisfy certain requirements.  Different carriers have different requirements however most stipulate that you must have been insured with the carrier for three consecutive years to be eligible for a free retirement tail.  Therefore you need to check with your broker and confirm what the requirements are in order to obtain a free retirement tail.  

Do not wait until the last minute to check as we are talking time requirements of at least three years and be careful as to not change carriers when you are within that three year time frame.  And if you do have to change carriers when in that retirement time frame, consult with your broker on what you will need to do to obtain a free tail with the new carrier.  There may be options where you won’t have to start over at year 1 of being continuously insured.

Remember, when you’re getting close to retirement, ask questions, get answers and confirm that you qualify for a free tail or at a minimum can purchase a tail. It will help provide for a secure retirement and possibly add a little more cash to your retirement savings.

Professional Services On Behalf of the Named Insured, that term or similar term is in most, not all, but most lawyers malpractice insurance policies.  It is intended to limit the policy coverage to lawyers in the law firm that are providing legal services to clients of the law firm only. Keep in mind that the name of the law firm is usually the name of the Named Insured listed on the policy.  

This term usually is a good thing for the law firm in that it does limit the exposure and coverage to the law firm business.  It can however be quite a surprise to any firm lawyers working outside the law firm in a “side” venture and moonlighting situation.  The policy will not cover professional services performed for anyone that is not a client of the Named Insured/Law Firm.  

There are instances where lawyers have worked in a law firm and also maintain a solo part time law practice away from the law firm.  Thinking that they had malpractice insurance coverage with the law firm, did not bother to purchase a separate policy for their part time solo work.  They did not realize they had no coverage until they were sued for work performed in their part time solo capacity.  Ouch!  That is a hard lesson.  

This situation can also occur if when working in a firm the lawyer agrees to provide legal service for a friend or family member and doesn’t run the business through the firm or sign the client up as a client of the firm.  

So check who is the Named Insured on your legal malpractice policy.  Make sure it is correct, again it is usually the name of the law firm. Be certain that all lawyers in the firm know that they are NOT or may not be covered by the law firm policy for legal services they perform for others who are not client’s of the firm. 

“Amateurs hack systems, professionals hack people.” – Bruce Schneier

What is social engineering? 

Social engineering occurs when somebody acts like something that they’re not to get information from you so they can better themselves. We’ve heard a lot of stories that involve law firms and wire transfer fraud.

Common Social Engineering Schemes Aimed At Attorneys

There was a firm in North Carolina and they received a phone call, supposedly, from the bank saying, “We noticed some interesting activity on your account. I just want to verify we’re talking to the right person, what’s your username and password?” That firm gave the person on the phone their bank username and password. The bank said, “We’re gonna send you a code. We just want to make sure that you are who you are – let us know what the code is and then we’re going to talk about the issues with your account.” So instead, unbeknownst to the law firm, the people on the phone actually signed into their bank, initiated a wire transfer, and sent them the code needed for the wire transfer. So the law firm received the code and provided it to the people on the phone, they put it in, and then they went on to just have a fake conversation about what was wrong with their account. At the end, they said it just turned out to be an internal error and everything was fine. And 30 minutes later, the firm finds out that there was a wire transfer that they didn’t know about that they didn’t authorize. And in fact, it ended up being the person on the phone that allowed it all to happen.

This is a very common thing that we’ve been hearing more and more lately and it is a very common social engineering scheme aimed at attorneys.

Another one is, they’ll call you and appear like they are from a nonprofit, and they’ll try to, again, get some sort of wire transfer normally.

And then the final one that’s really, really common is they’ll send emails to you as your client. So it’s actually quite easy to appear to send an email as somebody else. It’s called email spoofing. An eight year old could do it, it’s so easy. They’ll send emails to you as your client, and they’ll say, “Hey, are you at the office? Can we send a wire out today? I’m busy, just go ahead and do it and email me when it’s done.” Anytime you get anything like that from your clients, you will need to put something in place where there’s some sort of two factor authentication. Something as simple as if they email you, you have to talk to them on the phone before proceeding. Having processes in place to combat social engineering is, again, part of that knowledge that needs to happen.

Social engineering is definitely an issue, and attorneys are one of the main people that they’ll go after because you have access to such important information.

Is This Really Happening?

I can tell you that, obviously, there have been claims, and whether they’re funds, transfer funds, transfers, or just hacks into the system to try to get information such as social security numbers, ein numbers, birth date health records of clients, it’s happening all the time, and it happens everywhere. The smaller law firms that don’t have a ton of money to spend on high priced security systems out there, they’re considered low hanging fruit or as I said, the easy targets for cyber criminals so be careful.

In the past five years, banks have spent about $90 billion on guarding against social engineering. They’re making it a lot harder to get into their information.