Law Society has 'significant concerns' over SRA's proposed changes to PII cover for cyber risks

The Law Society has “significant concerns” regarding changes proposed by the Solicitors Regulation Authority (SRA) to its minimum terms and conditions (MTCs), which aim to clarify what is (and what is not) covered by professional indemnity insurance (PII) if a firm suffers a cyber-attack or event. 

The proposed clause excludes from cover any cyber-related first party losses – that only affect the law firm – while confirming third-party losses remain within the scope of MTCs. 

The SRA believes the proposed clause will “provide absolute clarity for law firms, insurers, and consumers without altering the scope of consumer protection provided by our PII arrangements”.

The proposed changes follow demands from the insurance industry for PII policies to provide greater clarity on cyber-related risks, due to an increase in the risk of cyber-attacks.

Law Society president I. Stephanie Boyce commented: “We support the SRA’s commitment to ensuring the MTCs won’t exclude any liability of the insurer to indemnify a law firm against any civil liability claim, and we encourage the regulator to remain focused on consumer protection when considering other policy changes concerning indemnification.”

However, she raised “significant concerns” regarding the possibility of coverage disputes between providers of firms’ cyber insurance and mandatory PII cover. As such, she said the Law Society “cannot support” the new exclusion clause.

Boyce commented: “The SRA is right to seek a solution that provides clarity, without compromising the safety of solicitors’ clients. 

“However, we would prefer for the SRA to introduce wording affirming that solicitors’ MTC-compliant PII covers all cyber risks, including first party losses.”
She warned an “unintended consequence” of the proposed clause may be that firms will feel “compelled” to purchase cyber insurance and their mandatory PII from the same underwriter, limiting the insurance options available. 

Boyce added: “Some firms may feel forced to close if they can’t purchase cyber insurance. These pressures will likely affect smaller firms and those operating in areas such as conveyancing more than larger firms, as they may be likely to experience more serious restrictions of their already limited options.”

She also highlighted the potential impact on diversity within the profession and the subsequent effect on access to justice for already underserved communities.

She said: “Unless these issues can be resolved, the proposals set out in this consultation would present substantial new risks to our members and the consumers of their legal services.

She urged firms to remain vigilant regarding cyber security: “As a precaution, cyber risks should be closely monitored on an ongoing basis. 

“The only realistic hope of remaining on top of this issue is by continually tracking developments in technology, reviewing arrangements to ensure they are keeping pace, and being prepared to consider changes, in order to provide solutions, should any novel challenges arise.”