The clause has been submitted to the Legal Services Board for final approval. If agreed, it will be in place for insurance renewals from early 2022 onwards.
It means insurance policies will explicitly state whether cover for cybercrime is available and specify what losses fall within scope for a potential claim. The cover is for client and third-party protection.
Losses to the law firm (first-party losses) are not covered, except for certain costs of investigating and defending a claim. However, firms can purchase a separate cyber policy for other risks.
Paul Philip, SRA chief executive, said: ‘Law firms handle large amounts of client money and sensitive information, and that makes them an attractive target to cybercriminals.
‘The clause on cyber losses provides real clarity for consumers, law firms and insurers about client and third-party protection in the event of cyber-attack, without changing the amount of cover specified by the minimum terms and conditions.’
The SRA published its 2021-22 business plan last week, following a consultation exercise in which more than 8,000 people voiced their opinions. Key areas of work for the SRA in the coming year, starting in November, include delivering the new Solicitors Qualifying Examination, building partnerships in lawtech, increasing its focus on anti-money laundering, developing its presence in Wales, and researching factors underpinning the attainment gap and over-representation of black and ethnic minority solicitors within enforcement processes.
Responding to feedback to its consultation, the SRA has also added: explaining its approach to assuring advocacy standards, capturing information on its legal service unbundling pilot, continuing to tackle cybercrime and confirming its commitment to considering environmental and climate issues through its work.
