Make sure your cybercrime coverage extends to client funds.

As trusted advisors, lawyers uphold the model of confidentiality when maintaining clients’ communications, data and funds. An email compromise or system disruption at a law firm carries the potential breach of a client’s sensitive information. As a result, law firms present additional cyber risks and exposures that are not affirmatively covered under all cyber policies. It is essential for these firms to select appropriate insurers and consider coverage gaps when purchasing cyber and LPL/legal malpractice insurance.

The most frequent type of cyber claim is social engineering, where a firm is misled into transferring money to a fraudulent recipient. With cybercrime on the rise, firms must be vigilant to ensure their cyber insurance protects not only their money, but any client money for which they are responsible. Consider the following claim we recently closed: would you find coverage under your policy?

A law firm is representing a defendant in a lawsuit. The parties reach an agreement to settle the case for $1 million. The law firm’s client sends the law firm the settlement funds which the law firm intends to forward according to instructions provided by the plaintiff’s attorney.

To facilitate the payment, the law firm requests electronic payment instructions via e-mail from the plaintiff’s attorney. Without either party’s knowledge, the plaintiff’s attorney’s e-mail environment has been compromised and a fraudster now has all of the information related to the settlement.

The fraudster spoofs the plaintiff’s attorney’s e-mail account and provides fraudulent wire instructions to the law firm. The law firm follows its electronic payment protocols and attempts to contact the plaintiff’s attorney using a phone number that was provided by the fraudster via e-mail. During this call, the law firm speaks with an individual that sounds like the plaintiff’s counsel; however, it is actually the fraudster using an AI voice program to spoof the plaintiff’s attorney’s voice. The law firm, believing it has confirmed the accuracy of the wire instructions, wires the $1 million to an unknown third-party.

A couple weeks pass before the plaintiff's counsel asks about the settlement funds and the parties realize the fraud. As a result, the fraudster has already withdrawn the funds from the receiving bank account and there is a loss of $1 million.

Law firms across America choose SafeLaw as their cyber insurer for our market-leading coverage and demonstrated claims service. We extend social engineering coverage to include client funds because that is what any sophisticated insurance representative for a law firm expects.

Please feel free to reach out to a member of our team with any questions or to learn more about SafeLaw.