Cyber crime warningWe recently received the following report from our insurance broker in the UK. It provides a timely warning to legal practices in Western Australia. The recent decision from the Solicitors Regulation Authority to shut down a solicitors' firm in Surrey after "vishing" scammers duped a sole practitioner into transferring £734,000 of
client money into fake accounts, highlights the vulnerability of the whole of the profession. Put bluntly, solicitors are potential sitting ducks for cyber-criminals. But cyber-risks are essentially just old risks manifesting in new ways - and with far more terrifying speed, scale and financial consequences. Technology has made traditional crimes such as theft, fraud and blackmail not only easier but also more lucrative than ever before. With so much sensitive client data stored electronically, professional services firms are in the frontline
when it comes to this cyber-warfare. They, and their insurers, need to do far more to protect themselves - and their clients - from cyber-attacks.
|
|
The threat from cyber-criminals is as much an issue for big firms, as small - and the legal profession ignores this at its peril. While it is true that larger firms have better structures to manage the risk, do not be deluded into thinking they are immune. People are the biggest chink in the cyber-armour of any organisation, so the more employees a firm has, the more exposed it is.
The practititoner's harrowing story is just one example of what has become an epidemic. Financial Fraud Action UK, an industry organisation, reports that total remote banking losses rose 37 per cent in the first six months of 2015 to £65 million. Within that total, telephone banking losses - similar to this fraud - rose by 95 per
cent to £14.4 million. Yet despite the evidence of the increasing ubiquity of cyber-attacks, and the dire consequences they can have, too many professional services firms mistakenly dismiss cyber-threats as "just an IT problem". The issue must be promoted to top of equity partnership agendas.
|
|
Equally worrying is the insurance market's unpreparedness for cyber-claims. A survey conducted by my law firm revealed that 36 per cent of the London insurance market was not confident that they even understood cyber-risk and how it affects insurance.
Of course, insurers need historical data on which to model policies, and this does not yet exist in the era of cyber-risk. And in the absence of data, it is nigh on impossible to determine either the "likelihood" of cyber-attack, or the impact in terms of cost - this being the two halves of the equation behind any insurance policy. As a result, the legal profession is facing double exposure - first, its own slowness in acknowledging vulnerability to cyber-threat; added to that, the likelihood that insurance policies will not cover many of the potentially critical cyber-losses such as reputational harm and damage to a firm's own systems. So why the complacency? Law firms need to wake up now. Provided by Kieran Jones, head of the insurance team at Weightmans, a law firm based in the City of London (slightly modified to remove
practitioner references)
|
|