The Solicitors regulation Authority has announced that a new clause, making it clear what cover will be provided for cyber losses, will be added to the minimum terms and conditions of law firms’ professional indemnity insurance (PII) policies.
The SRA states that the addition has been drawn up in conjunction with both the legal profession and insurers, and has been submitted to the Legal Services Board (LSB) for final approval. If agreed, it should be in place for any insurance renewals from early 2022 onwards.
The SRA have proposed the addition of the clause following the Prudential Regulation Authority and Lloyd’s of London asking insurers across the UK to make sure they focus on losses arising from cybercrime in all policies, including those written for law firms. The effect of the clause will be that insurance policies will explicitly mention cover for cybercrime and will specify what losses fall within scope for a potential claim. The cover is intended to be for client and third-party protection so that losses to the law firm (first-party losses), other than certain costs of investigating and defending a claim, will not be covered. Those firms requiring further cover will need to purchase a separate cyber policy for other risks.
Paul Philip, SRA Chief Executive, said:
‘‘Professional indemnity insurance offers key protection for the public. Law firms handle large amounts of client money and sensitive information, and that makes them an attractive target to cybercriminals. The clause on cyber losses provides real clarity for consumers, law firms and insurers about client and third-party protection in the event of cyber-attack, without changing the amount of cover specified by the minimum terms and conditions.’