Cyber & Data Security Insurance for Law Firms

Cyber incidents can harm your law firm's operations, reputation, and financial stability. Designed by Marsh in partnership with reputable underwriters, Marsh’s Cyber & Data Security Insurance complements your cyber coverage under your PII policy to safeguard your firm against a wide array of cyber losses, including the recovery costs needed in the event and aftermath of a cyber incident.

Get a quote

Why Marsh’s Cyber and Data Security Insurance is essential for law firms in Malaysia

In Malaysia, cybercrimes caused about RM600 million in losses in 2022,¹ with 76% of businesses reportedly experiencing a cyber incident — more than any other country in the Asia-Pacific region — with 61% of incidents resulting in business interruption and 57% resulting in data loss.²

The hard truth is that law firms are targeted by cyber criminals as they possess clients’ sensitive data and proprietary information. Even though nearly 3 in 4 businesses in Malaysia purchase cybersecurity tools,³ cyber incidents that result in financial and reputational losses continue to occur. Aside from cyberattacks, losses and data breaches also commonly arise from human error or system failure, which means your legal practice may be more vulnerable than you think.

The professional Indemnity insurance policy may cover your law firm’s liability (e.g. via legal suit/demand) for any breach of client’s data which you are holding.

This Cyber and Data Security insurance will cover the immediate cost incurred in the event of a cyber-attack or event.

Marsh’s Cyber & Data Security Insurance is an added on scheme that complements your existing Cyber Liability component, enhancing your protection with cyber & data security risks not covered under the firm's Professional Indemnity Insurance, including losses from cyber extortion and public relations costs.

These are the essential coverages that Marsh’s Cyber & Data Security Insurance covers:

Cyber extortion

Covers the expenses arising from a cyber extortion threat.

Forensics costs

Covers the payment for a forensics consultant to identify the hacker and the source of the attack, and payment for a security specialist to assess the electronic security and temporary storage of the insured’s electronic data.

Business interruption

Reimburses the loss of business income as a result of the cyber incident causing interruption, degradation in service, or failure of the insured’s computer systems.

Data breach notification costs

Covers expenses incurred or obligated following a breach of data held by the insured, notification of customers, legal fees and costs associated with administering the notification process.

Information and communication asset rectification costs

Covers repair and restoration of the insured’s computer systems arising from damage, destruction, alternation, corruption, or misuse from the cyberattack.

Regulatory defence and penalty costs

Covers payment related to regulatory action, penalty, or fine (when insurable by law).

Public relations costs

Covers payment incurred to engage a public relations and crisis management consultant to avert or mitigate any damage to the insured’s brand and operations.

Credit monitoring costs

Covers payment incurred for a credit monitoring service in compliance with data breach law.

The coverage and annual premium can be tailored to your law firm’s size, needs, and budget, with the Limit of Indemnity (i.e. limit for any one claim and in the aggregate) ranging from RM50,000 to RM1 million. Each policy carries a deductible that is applicable to each and every claim.

Marsh’s Cyber & Data Security Insurance: The preferred option

Compared to other cyber insurance policies, Marsh’s Cyber & Data Security Insurance reduces the application time significantly (as opposed to the usual three to six months) as no additional form-filling is required.

We also recognise the importance of continuing to promptly attend to your clients and cases even when a cybersecurity incident occurs, hence the insurer provides 24/7 access to their incident response team as part of your coverage to help you respond to your clients and the Courts with minimal delay — reducing your overall downtime.

Why Marsh

With over two decades of experience working with Malaysian law firms, Marsh is a trusted advisor for managing cyber risks. Our tailored insurance solutions are backed by industry expertise and a commitment to protecting your practice.

Ready to be cyber secure?

¹New Straits Times. (14 January 2023). Almost RM600 million lost to cyber crime in 2022.

²Kroll. (2022). The Cyber Threat Landscape in Malaysia.

³Kroll. (2022). The Cyber Threat Landscape in Malaysia.

FAQs

Why would a hacker attack a law firm of my size?	Cyberattacks are usually carried out on a blanket basis (versus a targeted basis), so businesses of all sizes might be impacted. Smaller law firms may be more vulnerable because they typically lack substantial preventive measures.
Can I claim my internal IT costs from a Cyber policy in the event of a cyber incident?	No. The cost incurred by your internal IT cannot be claimed under this cyber policy.
Can I engage my own forensics IT team?	The policy requires you to use the underwriter’s preferred forensics IT team in the event of an incident.
Will this policy cover all office branches	Yes. However, this will have to be indicated on the Proposal Form.

For Mbar enquiries:

Phone: 03-2723-3241
Email: mbar@marsh.com