Home > Property & Casualty > FBI’s look at electronic espionage uncovers law firms lack of data security

FBI’s look at electronic espionage uncovers law firms lack of data security

Investigation into the rise in electronic economic espionage against U.S. corporations has recently shined a spotlight on law firms’ data security. The Federal Bureau of Investigation (FBI) found that many law firms are targeted by hackers seeking to gather information not on the firm itself, but the firm’s clients. FBI officials say that law firms’ systems and controls were much less secure than those of their clients, meaning hackers accessed proprietary, confidential and sensitive client information stored on the firms’ servers.

Data security varies dramatically from one firm to the next, but with the recent affirmation that cyber-attacks targeting law firms are on the rise, security should be at the forefront of discussions amongst firms’ management teams. Managing partners and executive committees need to drive a culture of security from the top down by instituting controls, much like their corporate clients. They also should move away from open, less secure networks and instead opt for more controls and access restrictions in order to improve security.

Stroz Friedberg, a digital risk consultancy firm in New York, offers several suggestions for protecting client information, including: securing email, using complex passwords, log access to client data, restricting access to data and conducting training of the firm employees to recognize phishing.

Many firms feel that if their systems are compromised, they will have protections from their malpractice insurance coverage, since data that is breached is data that was acquired in the course of providing professional services to their clients and should therefore be covered. But most insurers’ policy forms are silent when it comes to coverage for data breaches. Consequently, with the rise of hacking incidents the question becomes one of limit management: Do you want to take the chance that such a loss will not be covered and thereby expose the firm to financial loss? Alternatively, if the loss is covered, is that a “good” thing? Any claim paid under the malpractice policy reduces the sum (limit) available should a complaint arise for actual negligence.

Cost is another reason to consider securing specific coverage for data breaches. Cyber coverage, which is less expensive than malpractice insurance, allows the firm to allocate their available resources and maximize the value for their money. If you would like to learn more about coverage for data breaches, please contact our Professional Services Practice.

About the Author

Lynne AhearnLynne Ahearn is Senior Vice President at WGA, working with clients to provide innovative risk management and insurance advice to the Professional Services sector.

617.646.0226 LAhearn@WGAins.com


  1. April 3, 2012 at 3:59 pm

    Lynne, Thanks for your article “FBI’s look at electronic espionage uncovers law firms lack of data security”. I am scheduled to speak at the Texas Bar Annual Meeting in June on technology/law office issues and I would like to quote from your article. May I? I will cite your article in my paper.

    David J. Ferrell
    State Bar of Texas web services Committee

    • Lynne Ahearn
      April 4, 2012 at 10:36 am

      That would be fine.

      Thank you.


      Lynne Ahearn, ARM | Professional Services Practice Leader | William Gallagher Associates
      470 Atlantic Avenue | Boston, MA 02210 | http://www.WGAins.com
      w: 617.646.0226 | : 617.646.0426 | : 617.699.8232 | :: lahearn@wgains.com

      icons here

       Please consider the environment before printing this e-mail

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s