Real-life Cyber Claim Examples: The Importance of Cyber Insurance

It seems as though everyone likes to hear a good war story and it is no different when it comes to cyber claims. Besides price, it may be the most asked question I hear – What kind of claims are being filed? Can you give me an example of a claim to show that this is real and I should be buying a policy? So, let’s delve into this topic and let me tell you a couple of real-life cyber claim scenarios:

War Story 1: The Case of Accidental Data Loss

A small law firm lost all of their data, including backups, from a shared office space when the IT administrator formatted the hard drive on the office equipment. The firm, which had three lawyers, was operating inside unused space at a larger firm. As part of the arrangement, the smaller firm also used the IT systems of the larger firm.

In an effort to segregate the data of the smaller firm, the larger firm gave them access to their own file server, which was normally used for email only. The server began having issues, so the IT administrator backed up the emails on the server, formatted the hard drive, and reinstalled all the software. Unfortunately, the IT administrator did not remember to backup the data from the smaller firm before formatting the hard drive.

The firm suffered an interruption of operations as a result and incurred significant expense to recover the data manually. In this case, the damages and loss are as follows:

  • Data Restoration Expense: $23,000
  • Loss of Billable Hours: $8,900

War Story 2: The Case of Accidental Data Breach

A law firm handling Qui Tam cases suffered an accidental data breach resulting in legal liability and disciplinary proceedings for alleged ethical violations. The firm used a cloud storage service for all firm data. The cloud storage provider offered two tiers of service to clients, free and premium.

Data in the “free” storage service is searchable and can be downloaded by other customers. The firm neglected to pay their renewal fees for the “premium” service, so the firm’s account reverted to the “free” service and all of the firm’s data was searchable and available online for several months. During that time, numerous parties downloaded the details of a sensitive whistleblower case.

As a result, the firm faced a lawsuit from the former client in the whistleblower case as well as a disciplinary proceeding. Several other suits from other current and former clients are also pending. In this case, the damages and loss are as follows:

  • Notification Expense: $27,000
  • Defense Expense: $305,000
  • Damages: $2,150,000
  • Fines & Penalties: $120,000

Note: pending suits from other clients are not included in loss amounts listed above.

These examples illustrate the real-life implications of not having a robust cyber policy. In today’s digital age, where data breaches and cyber attacks are becoming more common, having a comprehensive cyber insurance policy is not a luxury, but a necessity. It’s time to take a proactive approach to protect your firm and clients from potential cyber threats.

Tips on reporting claims and potential claims

When insureds report a claim to their carrier, the expectation is the claim will be covered and their assets and reputation be protected.  While this happens the majority of the time, there are situations when the worst occurs and the claim is denied coverage.  There are several reasons insurance carriers decline coverage on reported professional liability claims.  One of the reasons claims are denied is due to the late reporting of the claim.  Although late reporting is a cause for claim denial, it can be avoided by the insured.

Professional liability insurance policies require that all claims be reported in the policy period that the insured first becomes aware of the claim.  This is also true for potential claims.  Most carriers have wording in the policy that states the insured needs to report those incidents that the insured could reasonably foresee the incident may lead to claim.  Failure to report these potential claims may lead to a denial in coverage.

AttorneyAtWindowIt sounds easy and it should be easy for the firm to report claims and potential claims as soon as they are aware of them.  Unfortunately, it is never easy.  No firm wants to “think” they made a mistake or a client is unhappy with their services.  In addition, some insureds think that the mere reporting of a claim or potential claim will increase their insurance premium, so the claim goes unreported.  Not true.  The mere reporting of a single claim or potential claim does not necessarily increase your premium.

Bottom line…you pay a lot of money to secure the policy, don’t jeopardize the coverage when you need it most.  Report issues early.    Perhaps the tips below will help you make sure your claim or potential claim is reported in a timely fashion:

  1. Meet monthly with your staff/lawyers to review the “tough” cases.
  2. Encourage your staff/lawyers to bring problem cases to your attention.  Don’t punish.
  3. At renewal time, ask all lawyers in the firm to answer the potential claim and claim question on the renewal application. Have them sign and date it.
  4. Most carriers now have a claim hot line or help line that is available to insureds.  Use it.
  5. Make sure that your staff/lawyers know how the insurance policy works and that claims and potential claims need to be reported immediately or they risk losing coverage.  Identify a point “claims person.”  Have all claims and potential claims directed to that person for review and reporting.