The insurance is underwritten by Chubb Limited and includes coverage for income loss, network extortion, forensics, defense costs and liability protection, according to information from the ABA. The insurance is available through USI Affinity and is available to ABA members and their families.
James Dimos, ABA deputy executive director, said the demands of the industry drove the decision to expand available coverage. “The ABA has been educating lawyers about cybersecurity and the risks to their clients and their practices for a number of years. As the education and experience level increased, lawyers and law firms have been exploring the availability of such a policy,” Dimos says. “ABA Insurance is a new program developed by the Association within the last year to provide members with access to affordable coverage from top-quality carriers. We knew from its inception that providing our members with access to cyber-liability coverage was important.”
The legal field has become a popular target for cyberattacks, and risks are elevated considering the sensitivity and potential uses of the data, according to a release from the ABA. One attack cited by the trade organization detailed three Chinese men who were accused of using stolen emails to springboard more than $4 million in illegal stock deals.
“Cyber insurance coverage is a valuable and practical member benefit for lawyers offered through the ABA Insurance portfolio,” says Linda A. Klein, president of the bar. “As the number of cyber breaches increases everywhere and throughout all industries, it is critical that lawyers and law firms that rely on vast amounts of electronic data are protected. As the legal profession evolves, the ABA remains at the forefront in providing attorneys the tools they need to thrive.”
Dimos said the elevated frequency of the attacks has also contributed to insurers’ willingness to take on the coverage. “Over the last few years, insurers have been more willing to offer cyber-liability policies given the increase in incidents and desire for coverage,” Dimos says.
However, a report from Swiss Re Institute highlighted some of the challenges companies face when considering delving into the cyber security insurance market. The report warned many companies have not implemented “widespread improvements” in cyber defenses and risk management, further complicating matters.
In the report, “Cyber: Getting to Grips with a Complex Risk,” published earlier this year, Swiss Re pointed out the scope of liability may be so great government assistance might be required to keep the industry solvent.
“The potential scale of some cyber losses could be too great for the private re/insurance sector to absorb," the report reads. "This is especially true for peak-loss events such as widespread disruption to critical infrastructure or networks which could lead to significant accumulated losses. For such risks, there may be a case for a government-sponsored back-stop … something akin to the state support for protection against catastrophic terrorism risks.”
According to the report, a government-backed “catastrophe reinsurance scheme” would promote better market-led protections and support broader resilience. The report noted the increasing liability firms face, considering damages include potential harm to reputation as well as physical property damage.
“Thus far government action has been limited to encouraging information capture and dissemination about cyber threats, and setting the accompanying legal framework," the report reads. "In the long run, governments may have to step in to act as re/insurers of last resort if the full network benefits of digitalization are to be realized and not be undermined by the attendant increase in cyber hazards.”