Law Firms: How much coverage is enough?

Some firms are “fortunate” enough that compliance or client requirements dictate how much cyberinsurance they need. For many, the answer is not as clear-cut. You may know certain numbers, such as your lost billable hours for a day of no productivity, but what about the impact on your clients? Reputational damage from a breach? There is never a clear-cut answer, but you can at least get to a ballpark number using our guide.

Key numbers for calculations include:

  • Average downtime for a company after a ransomware attack is 21 days (source)

  • Average ransomware payment is $211k (source)

Assuming a worst case, if your firm were down for 21 days, how much revenue would you lose? Don’t forget to include any billable staff! Add $211k to that for the ransom payment, plus any additional recovery costs you can identify, such as:

  • Restoration of backups

  • A third-party security firm to secure your network

  • Missed deadlines, and filing of extensions where applicable

  • eDiscovery of breached data to identify which clients were impacted, and notification obligations (state/federal law, ethical, or other)

Per Sophos, all these costs combined averaged $1.85 million last year.

As a law firm, you have additional specific considerations. Examine your exposure to these risks as well when evaluating coverage needs:

  • Would your clients be heavily impacted by a data breach, such as the exposure of designs, trade secrets, or intellectual property? IP firms, for example, can suffer major third-party claims and reputational damage.

  • Old closed matters may contain sensitive data that could be exposed.

Using the above, you should be able to get to a ballpark bracket ($1mm, $2mm, $3mm or more) on how much coverage is enough. One common mistake is that people don’t assume worst case when calculating their limits - but worst case is what insurance is for!

Also note that law firms are sometimes considered a high-risk industry today, so higher limits can be difficult to find, as many carriers try to limit their exposure to the industry. You may need to talk to several carriers before you find a policy of the size you need.

Ready to bring in the risk experts? Our founders have extensive experience working on IT for law firms. Paradigm combines expertise in insurance, cybersecurity, and IT to give your business the best in cyber protection.

