Indemnity insurers will want to see firms’ plans for stopping cyber-criminals when they come to set premiums this year, a market expert has predicted.
QBE, which insures more than one in 10 law firms in England and Wales, said its latest data shows that around £85m has been stolen across the legal market in the past 18 months.
The firm estimates 150 successful raids have been made on client accounts during that time, with at least 1,500 failed attempts. Only a small proportion of the stolen money, if any, is recovered.
Elina Lusted (pictured), a claims manager for QBE, said underwriters are now likely to ask searching questions about what exactly firms are doing to thwart the criminals.
Lusted added: ‘The nature of how a business risk is assessed may be moving away from the typical focus on what business a law firm does (be that conveyancing, corporate, trusts and wills etc) but more to how they transact business including what security and IT systems they have in place.’
Lusted said law firms have increasingly become targets for fraudsters in the past 12 months, although the methods have changed in that time.
While so-called ‘Friday afternoon fraud’ attempts, where con artists pose as lenders or clients over the phone, remain frequent, criminals are now just as likely to hack into firms’ IT systems to steal monies passing between solicitors and their clients in conveyancing transactions.
Lusted said law firms should be looking at the way they transact business from start to finish, for example warning clients of the risks of fraud through their terms of business letter and/or retainer letter.
Bank account details could be provided face-to-face and emails encrypted so that a password is required to view documents.
Reports from the US last week said two magic circle firms were among 48 top firms to be targeted by attackers seeking inside information on mergers and acquisitions.
The Law Society says it has worked with the UK government as part of its national cyber-security strategy and with the police to produce advice and training for its members on protecting against these threats.