The regulator’s chief executive believes law firms are ’an attractive target’ for cyber crime

The Solicitors Regulation Authority (SRA) is seeking feedback on a new clause to make cover for cyber losses explicit in the minimum terms and conditions (MTC) of law firms’ professional indemnity insurance (PII) policies.

The SRA regulates all solicitors and most law firms in England and Wales.

On 13 April 2021, it launched a consultation to collect feedback on its proposed changes to MTC for solicitors’ professional indemnity insurance - the regulator wants to make clear that client losses caused by a cyber attack which fall within the scope of a claim for civil liability action against a regulated firm must be insured.

Professional indemnity insurance is a type of commercial policy designed to protect business owners, freelancers and the self-employed if their clients claim a service is inadequate.

Law firms make an ‘attractive target’

As cyber attacks are increasing and insurers are being asked by regulators to consider how they manage underwriting risks arising from a cyber event, the SRA believes now is the time for the issue to be addressed with PII policies.

SRA chief executive Paul Philip said: “Law firms handle large amounts of client money and sensitive information - that makes them an attractive target.”

The SRA reported that cyber crime made up £2.5m of reported losses to firms in the first half of 2020.

Philip continued: “Professional indemnity insurance offers key protection for the public. The proposed clause on cyber losses provides real clarity for consumers, law firms and insurers about client and third-party protection in the event of cyber attack.

”We welcome views from law firms and individuals on the change we are proposing to make.”

The open consultation ends on 25 May 2021.