Professional indemnity insurance policies must provide clarity on cyber-related risks

The Law Society has today voiced its support of the Solicitors Regulation Authority (SRA) as it consults on proposed changes to the minimum terms and conditions (MTCs) for professional indemnity insurance (PII) policies so they’re clearer on cyber-related risks.

The SRA’s consultation response is in reaction to demands from the insurance industry for PII policies to provide greater clarity on cyber-related risks.

The SRA has drafted a new exclusion clause which excludes from cover any cyber-related first party losses – that only affect the law firm – while confirming that third-party loses remain within the scope of MTCs.

Law Society president I. Stephanie Boyce said:

“We support the SRA’s commitment to ensuring the MTCs won’t exclude any liability of the insurer to indemnify a law firm against any civil liability claim, and we encourage the regulator to remain focused on consumer protection when considering other policy changes concerning indemnification.

“We do, however, have some significant concerns about the possibility of coverage disputes between the provider of a firm’s cyber insurance and the provider of their mandatory PII. Therefore, we cannot support the implementation of the new exclusion clause.

“The SRA is right to seek a solution that provides clarity, without compromising the safety of solicitors’ clients. However, we would prefer for the SRA to introduce wording affirming that solicitors’ MTC-compliant PII covers all cyber risks, including first party losses.

“An unintended consequence of the new exclusion clause may mean that firms will feel compelled to purchase cyber insurance from the same underwriter which provides their mandatory PII, further limiting the insurance options available to our members.

“Some firms may feel forced to close if they can’t purchase cyber insurance. These pressures will likely affect smaller firms and those operating in areas such as conveyancing more than larger firms, as they may be likely to experience more serious restrictions of their already limited options.

“This could have implications for diversity within the profession, as well as posing concerns about access to justice in communities that may already be underserved.

“Unless these issues can be resolved, the proposals set out in this consultation would present substantial new risks to our members and the consumers of their legal services.

“As a precaution, cyber risks should be closely monitored on an ongoing basis. The only realistic hope of remaining on top of this issue is by continually tracking developments in technology, reviewing arrangements to ensure they are keeping pace, and being prepared to consider changes, in order to provide solutions, should any novel challenges arise.”