We use cookies to collect and analyse information on site performance and usage to improve and customise your experience, where applicable. View our Cookies Policy. Click Accept and continue to use our website or Manage to review and update your preferences.


SRA agrees on PII cyber-crime clause

25 Oct 2021 technology Print

SRA agrees on PII cyber-crime clause

Insurance policies will have to make clear whether cover is provided for cyber-losses, under new rules agreed by the body that regulates solicitors in England and Wales.

According to the Law Society Gazette of England and Wales, the new clause outlining the extent of cover will be added to the minimum terms and conditions of law firms’ professional indemnity insurance (PII) policies.

Policies will explicitly mention cover for cyber-crime, and specify what losses fall within scope for a potential claim.

The minimum cover is for client and third-party protection: losses to the law firm (first-party losses), except for certain costs of investigating and defending a claim, are not covered, and firms can choose to purchase a separate cyber-policy for other risks.

The Solicitors Regulation Authority (SRA) proposed the additional clause after the Prudential Regulation Authority and Lloyd’s of London asked insurers across Britain to make sure they focused on losses arising from cyber-crime in all policies.

Consultation

A consultation followed over the summer, in which the SRA worked with the Law Society of England and Wales, and insurer representatives, to create the new clause. Depending on approval from the Legal Services Board, the clause should be in place for renewals from early next year, the Gazette says.

Paul Philip, SRA chief executive, said that law firms were attractive targets for criminals.

“The clause on cyber-losses provides real clarity for consumers, law firms and insurers about client and third-party protection in the event of cyber-attack, without changing the amount of cover specified by the minimum terms and conditions,” he said.

The SRA says that the proposed change should not directly alter premiums paid by law firms, as claims for civil liability caused by a cyber-attack have always been considered to be in scope of a compliant PII policy.

Insurers can continue to offer stand-alone policies to law firms, but the regulator is not mandating that law firms buy separate cyber-insurance policies.

Gazette Desk
Gazette.ie is the daily legal news site of the Law Society of Ireland

Copyright © 2024 Law Society Gazette. The Law Society is not responsible for the content of external sites – see our Privacy Policy.