News release

Have your say on cyber losses insurance clause

We are seeking feedback on a clause making cover for cyber losses explicit in the minimum terms and conditions (MTC) of law firms' professional indemnity insurance (PII) policies.

PII ensures that there is protection for consumers for claims arising from legal work, regardless of the nature of the event which has resulted in the loss. The proposed change is to make it clear that client losses caused by a cyber-attack which fall within scope of a claim for civil liability against a regulated law firm must be covered.

This is important issue at a time when cyber-attacks are increasing and insurers are being asked by their regulators to consider how they manage underwriting risks arising from a cyber event.

Paul Philip, SRA Chief Executive, said: 'Cybercrime remains a major risk for all law firms – it's the fastest-growing crime in the country. Law firms handle large amounts of client money and sensitive information, and that makes them an attractive target.

'Professional indemnity insurance offers key protection for the public. The proposed clause on cyber losses provides real clarity for consumers, law firms and insurers about client and third-party protection in the event of cyber-attack. We welcome views from law firms and individuals on the change we are proposing to make.'

The consultation on indemnity insurance and cybercrime runs until 24 May.

We have often warned against the dangers of cybercrime, which accounted for £2.5 million of reported losses to firms in the first half of 2020 alone.

Use www.sra.org.uk/pii-cybercrime-consultation to link to this page.