[BreachExchange] DLA Piper's Hack Attack Could Cost 'Millions'

Inga Goddijn inga at riskbasedsecurity.com
Mon Jul 10 09:01:42 EDT 2017


http://www.americanlawyer.com/id=1202792499281/DLA-Pipers-Hack-Attack-Could-Cost-Millions

DLA Piper is still recovering from last week’s massive cyberattack
<http://www.americanlawyer.com/id=1202791614770/Ransomware-Attack-on-DLA-Piper-Serves-as-a-Warning-Sign-for-Law-Firms>,
with insurance brokers claiming that the resulting upheaval could lead to
costs “in the millions” for the firm.

The global legal giant, which fell victim to the ransomware attack that
spread across the globe starting on June 27, is still grappling
<http://www.americanlawyer.com/id=1202792053258>
with information technology problems some 10 days on from the attack.

“We are bringing back services in a graduated way, and only as and when we
can be satisfied that the appropriate safeguards are in place,” DLA Piper
said in a statement.

Sources within the firm have told The American Lawyer’s London-based
affiliate Legal Week that many staffers have started using their work
computers again, while others are continuing to work on personal laptops
while their hardware is checked over. Email is back online, but landline
phones are still down, with calls being diverted to cell phones.

DLA Piper has officially notified the U.K.’s Solicitors Regulation
Authority of the cyberattack, as well as other international regulators,
and the firm is working with law enforcement authorities
<http://www.legalweek.com/sites/legalweek/2017/06/28/dla-piper-working-with-fbi-and-nca-to-get-systems-back-online-after-ransomware-cyber-attack/>
like the FBI and U.K.’s National Crime Agency to support their
investigations into the matter.

The firm said that it had also called in IT experts to restore its systems
and safeguard client data. “We are working with leading external engineers
and information security specialists, in addition to those within our
organization,” a DLA Piper spokesperson told Legal Week, noting that the
firm “has in place a range of different insurances relevant to this
incident.”

Lawyers and brokers state that appropriate insurance
<http://www.legaltechnews.com/id=1202792464849>
would cover many of the costs associated with this kind of attack,
including paying for external support, potential loss of income and the
costs of getting lawyers back online.

“The total direct and indirect cost could be in the millions,” said Brett
Warburton Smith, a partner at independent insurance broker Lockton
Solicitors, which acts for 27 of the top 100 law firms in the U.K.

Philip Tansley, a legal director with the U.K.’s Reynolds Porter
Chamberlain who advises companies and law firms on responding to cyber
breaches, noted that he counsels clients to make sure they have the right
coverage.

“Cover available in the market includes mitigation expenses, which might
cover, for example, the additional costs of working, such as getting people
set up working remotely, and outsourcing urgent work to third party firms,”
Tansley said. “In terms of loss and deferral of revenue, that is a complex
area. Firms should be careful that they have the right cover and if they
are not sure, discuss it with their brokers and underwriters and ask them
‘if this happened, would you cover it and how would you calculate our
claim?’”

Janine Parker, head of U.K. professions at Paragon International Insurance
Brokers Ltd., said that her company offers policies with a “full breach
response,” including loss of revenue.

“If any of our law firms suffered a cyberattack they would have access to
specialist law firms, to a [public relations] firm, to claims for loss of
income and loss of profit,” Parker said. “If they lose a client due to an
event during litigation, we would pay a percentage of a success fee they
would be due under a conditional fee agreement.”

The size of policies on the market stretches up to $500 million, added Sarah
Stephens, head of cyber at insurance broker Jardine Lloyd Thompson Group
plc.

“You could potentially buy anywhere from [$300 million to $500 million],
but generally if you are only buying it to augment the third party
liability cover in your professional indemnity policy, you are looking at
the likely loss from business interruption so we would typically see
policies of no more than $100 million,” Stephens said.

The process of working out how much a breach will cost typically begins
shortly after it has been discovered.

“The insured, with the help of their broker, would look at the policy and
work out what the business interruption claim was, which the insurer would
then adjust,” said RPC’s Tansley. “The alternative approach is that the
insurers, knowing a large claim was on the way, would appoint an adjustor
or a forensic accountant to work with the insured to establish what its
loss is.”

Brokers and underwriters say that cyber insurance is becoming increasingly
common
<http://www.americanlawyer.com/id=1202752692874/Amid-Hacking-Threats-Law-Firms-Turn-to-Cyber-Insurance>
throughout the legal market.

“We have over 300 firms of solicitors that have purchased a cyber policy
from us, covering off the whole spectrum from two-partner law firms to some
of the largest law firms in the world,” said David Warr, a cyber
underwriter with QBE European Operations plc.

Lockton’s Warburton Smith said that 50 percent of his firm’s top 100
clients now purchase specialist cyber insurance projects, with many other
clients now looking into doing the same.

“We are getting calls virtually every day on the back of this [the DLA
hack] because people are really concerned about it,” he said.

However, while larger firms have tended to be more proactive in insuring
themselves against cyber risks, many smaller and midsize firms still rely
on their professional indemnity (PI) policies to protect them.

“The mandated wider cover of the minimum terms for solicitors’ PI may have
lulled the legal industry into a false sense of security that they have
insurance cover for cyber risk and data breaches,” said Hans Allnutt, the
London-based head of the cyber response team at British firm DAC
Beachcroft. “However, the minimum terms are designed to protect clients—not
a firm’s own exposures to cyber risk.”

In the event of loss of client money or data, law firms would typically be
covered by their PI insurance, but this would not stretch to loss of
revenue or the costs of remediating the problem. And Allnutt warns that
cyberattacks are becoming increasingly common.

“We have seen a spike in breach instructions,” he said. “We are currently
running at about one a week; a year ago it was one a month and we expect
that to change to one every other day after the General Data Protection
Regulation takes effect next year.”

And while leading law firms will now be doing everything in their power to
protect themselves against falling victim to a similar incident, the
reality is that even the best defended systems are still vulnerable.

“If the Pentagon can be hacked, there is not much hope for the rest of us,”
said Frank Maher, a partner at Legal Risk LLP in Liverpool, England.