Insurance coverage for cyberattacks can be tricky for anyone to navigate, including lawyers. To illustrate this point, a case in New Jersey caught my eye that I thought would be an interesting read for our followers who are lawyers.
In the case of SIMIE Mutual Insurance Co. v. Rankin, No. 23-cv-3974, 2023 WL 4763390 (D. N.J. July 25, 2023), lawyer John Rankin was the victim of an email scam that compromised his email account. He and his clients were involved in a real estate deal, and his clients received an email from the lawyer advising them to wire $437,000 to a title company.
Unbeknownst to the clients, the lawyer’s email account had been compromised, and the instructions were coming not from their lawyer, but from the threat actor who had taken control of the lawyer’s email account. The clients followed the instructions and wired the funds to a fraudulent bank account. The funds were not recovered. The clients made a claim against the lawyer for the funds lost, and he apparently notified his professional liability insurance company of the claim.
The professional liability insurance company (SIMIE) has alleged in a Complaint that the policy does not cover cyberattacks, and that the lawyer could have purchased a cyber liability policy but did not. The insurance company is seeking an order from the court that there is no coverage for the claim. Lesson learned: For professionals –understand the different coverages that may apply to your business, including for cyberattacks. Relying on a professional liability policy for coverage following a cyberattack may not serve you well.