Friday, May 29, 2015

Risk Update: The Insurance Insights Edition (Malpractice & Cyber)



Two updates on the subject of insurance. First, likely a moot point already addressed by our compliant readership, but still interesting, from Thompson Hine: "Do you know your rule on malpractice insurance disclosure?" --
  • "Only one jurisdiction in the nation — Oregon — requires lawyers to carry legal malpractice insurance.  But all the other states have varying requirements about malpractice insurance and disclosing whether or not you carry it.  Knowing the rule in your jurisdiction is vital to staying out of ethics trouble."
  • The ABA’s comprehensive state-by-state chart.
  • "Ohio, for instance, is one of only seven jurisdictions that require lawyers (with certain exceptions) to inform a client directly if they do not carry a certain level of malpractice insurance.  And Ohio lawyers who fail to communicate that fact to their clients have been reprimanded, and even suspended (at least when the failure to disclose is coupled with other misconduct).  The other states with disclose-to-clients requirements are Alaska, California, New Hampshire, New Mexico, Pennsylvania and South Dakota."
See the full article for discussion on whether disclosure requirements are a good thing or not. And see BNA's update on: "Think You Don’t Need Cyber Insurance? Think Again!" --
  • "Big Law is a big target for cyber thieves, experts warn. For starters, law firms are viewed by criminals as low-hanging fruit — because firms are perceived as having “relatively lax security as compared with their sophisticated corporate clients,” said Roberta Anderson, a partner at K&L Gates,  and co-founder of the firm’s Cyber Law and Cybersecurity practice group."
  • "Negligent acts, as well as internal and external hacktivists, are also typically covered — 'for example, an attorney mistakenly emailing a non-encrypted file full of Health Insurance Portability and Accountability Act [HIPAA] information to a third party, and for an external event through a phishing attack and/or a rogue employee event,' said New York-based Joe DePaul, senior vice president, Finex North America Cyber and E&O team, Willis Americas Administration Inc."
  • "'Thinking that cyber insurance policies are all the same and will automatically respond to any cyber event, regardless of the cause,' said Selby. 'The devil is in the details, and law firms should carefully consider their unique cyber risk profile and ensure that their cyber coverage provides adequate protection against those risks,' she said. Working with an experienced cyber broker, and possibly coverage counsel, is highly recommended.'"
See the full article for discussion on recommendations for what cyber insurance should cover. And see our previous post from Paragon on reputation coverage specifically.

No comments:

Post a Comment