Cybercrime is an ongoing security threat, and as is often reported in the media, the prime targets are banks, professional services firms and other high-profile businesses around the world. Solicitors have been specifically targeted by cybercriminals because they often hold large sums of money in their client bank accounts.
Professional indemnity insurance (PII) policies have been providing cover for solicitors in relation to claims by clients for negligence or other similar wrongdoing for years, but what does a solicitor do if a client bank account is significantly depleted as a result of cybercrime, such as phishing?
Would such a scenario be covered by the PII policy or is it a matter for other types of insurance policies?
In response to the growing threat of cybercrime to solicitors, the Law Society of Ireland has introduced new regulations, The Solicitors Acts 1954 to 2015 (Professional Indemnity Insurance) Regulations 2017 (the Regulations), which require new wording to be included in PII policies for solicitors from 1 December 2017 onwards.
The Regulations extend the definition of a “Claim” in PII policies to include situations where a solicitor is notified in writing by the Law Society of Ireland of an obligation to rectify any deficit which has arisen in a client bank account, such as a deficit resulting from cybercrime. In the future, it may be the case that a solicitor who discovers a client bank account deficit will seek to procure a direction from the Law Society of Ireland before concentrating on addressing the deficit.
It remains to be seen how the Regulations will work in practice, but it does show that the Law Society of Ireland is intent upon meeting some of the newly emerging challenges of running a law firm today, both online and offline.
Solicitors are likely to continue to require separate policies of insurance for cyber and criminal risks, but the new measures introduced in the Regulations should be welcomed by solicitors.