The Solicitors Regulation Authority (SRA) are calling for professionals in the legal sector to give their feedback on a clause which covers for cyber losses explicit in the minimum terms and conditions (MTC) of professional indemnity insurance (PII) policies.
On the SRA’s website it states:
We are consulting on a proposal to make a change to our minimum terms and conditions (MTCs) for the professional indemnity insurance (PII) that we require all the law firms we regulate to have in place.
Our proposal is to add a clause into the MTCs that clearly sets out what is and what is not covered in the event of a firm being subject to a cyber attack/event. This is in line with the expectations that the Prudential Regulation Authority and Lloyd’s of London have of insurers because the risk of cyber-attacks on individuals and businesses has increased.
Our objective is to provide absolute clarity for law firms, insurers, and consumers without altering the scope of consumer protection provided by our PII arrangements.
The consultation is open for your comments from 13 April 2021 until 25 May 2021. After it closes, we will collate and analyse any responses. We will then confirm our final position.
Cyber crime accounted for £2.5m of reported losses to firms in the first half of 2020 alone, and Paul Philip, SRA Chief Executive, said:
“Cyber crime remains a major risk for all law firms – it’s the fastest-growing crime in the country. Law firms handle large amounts of client money and sensitive information, and that makes them an attractive target.
“Professional indemnity insurance offers key protection for the public. The proposed clause on cyber losses provides real clarity for consumers, law firms and insurers about client and third-party protection in the event of cyber-attack. We welcome views from law firms and individuals on the change we are proposing to make.”
Gareth Milner, Client Director, Professional Risks, J M Glendinning (Insurance Brokers) Ltd, commented:
“The wording of the consultation suggests the SRA are simply looking to maintain the current position in regards to how the Minimum Terms and Conditions policy will respond to Cyber crime claims, albeit by explicitly highlighting the fact.
How insurers interpret this remains to be seen, but it’s reasonable to expect some will further interrogate a firm’s IT protocols and Cyber Risk Management practices, as well as seeking to understand whether or not an insured firm buys separate Cyber Insurance and if so, to what extent. We have already seen insurers asking more in-depth questions on these topics for Solicitors’ PII renewals in the last 12 months. Cyber crime is arguably the biggest, and certainly the most rapidly-evolving, threat both law firms and their insurers face today. Such risks have only increased in the last year as firms have had to adopt new remote-working practices following the Covid outbreak.
“The wording of any proposed clause will also be critical, as insurers will no doubt scrutinise this to understand if it does alter their exposure to claims once the issue is brought into relief.
“The SRA has a tricky balance to achieve with the Minimum Terms and Conditions policy; giving consumers and law firms the protection they require whilst ensuring the wording is not so onerous on insurers as to prevent a free and open PII marketplace. The fact the MTC wording is again being discussed should be seen as a positive and we would urge all firms to have their say in the consultation.”
Find out more about the consultation and give your feedback here.