BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Cyber breaches a particular risk for law firms: PLUS panel

Cyber breaches a particular risk for law firms: PLUS panel

CHICAGO — Cyber breaches are a particular risk for law firms and other professional firms.

Law firms, accounting firms and similar professional companies are at risk for privacy breaches, as they often house many sensitive records and lack the security available to larger financial institutions such as banks, panelists said during a Wednesday session at the Professional Liability Underwriting Society's 2013 Professional Risk Symposium in Chicago.

According to a 2011 study by Ponemon Institute L.L.C., the average cost per record in a data breach was $194, said Kari A. Timm, a partner at law firm Walker Wilcox Matousek L.L.P. in Chicago.

The average data breach involves about 28,000 records and costs an organization $5.5 million, said Ms. Timm, who also moderated the session.

Panelist Regan E. Miller, associate director at insurance broker John L. Wortham & Son L.P. in Houston, said law firms are particularly at risk.

Law firm records are “definitely a target,” Ms. Miller said. “The amount of information and how accessible it could be provides a rich potential for hackers.”

While laptops remain the most stolen item that could lead to a breach, mobile devices, such as smartphones and tablets, are a concern that is “here to stay,” Ms. Timm said.

“It's a challenge for firms,” she said, noting that as technology evolves, smaller companies may struggle to upgrade their equipment and allow or encourage employees to use their own devices.

While there are economic benefits for companies to allow employees to bring their own devices, “only half of you that have a device have it password-protected,” said panelist Jeremy Henley, insurance solutions executive at ID Experts Corp. in San Diego.


For professional firms to manage the risk, start with a comprehensive policy for employees that centers around training, he said.

In the event of a breach, professional firms should exercise their response plans, which should be crafted well in advance and define specific actions regardless of the size of the incident, Mr. Henley said.

“Assume it's going to happen” and try to “limit the size and severity” of the breach, Mr. Henley said.

Ms. Timm added that there's a slow uptake on cyber liability insurance as some professional firms do not consider themselves a target for hackers and breaches.