Questions and answers

Renewal and cybercrime

We have been asked some questions regarding our cybercrime proposals and this year's renewals. These are below with our responses.
Open all

The consultation closed in May and we held further discussions with insurers and others to make sure that we fully understood the aims of the drafting suggestions some had made, and clarified any potential unintended consequences.

Our Board next meets in September, after which we will then be in a position to make the necessary amendments to the MTCs. This means that the amendments will not be formally in place for the October 1 renewals. As we have kept the insurers informed of our timelines, we understand that some insurers are including cyber wording in policies for renewals already and we have been clear with insurers that policies being written now must meet the existing MTCs.

The MTCs require cover for losses to a client or other aggrieved third party caused by a cyber-attack that fall within scope of a claim for civil liability against a solicitor. This would include losses where money is stolen from your firm’s client account as a result of the cyber-attack and you do not replace the money.

Our MTCS do not require cover for business losses to the law firm (sometimes called first-party losses), except for certain costs of investigating and defending a claim. For example, loss of the firm's own money or the costs of rectifying any reputational issues. These losses can be covered by separate standalone cyber policy, but we do not mandate these.

Our MTCs do not prescribe the precise drafting of the insurance policies that firms must have in place, rather they set out minimum terms that must be met. Insurers can therefore draft their policies in any way that they wish, provided they maintain the cover required by the MTCs. Insurers can provide cover above the minimum terms and your broker can advise you on this.

No - under the agreement we have with insurers this is not allowed. However, an insurer may take into account the fact you have cyber insurance, for example to cover the costs of rectifying IT systems and managing data breaches, as a factor when assessing your overall risk management when deciding whether to offer you a policy and calculating the premium.