Risk Managment Column - Court finds attorney liable for cybercrime loss
In the last decade, the Legal Practitioners Indemnity Insurance Fund NPC (the LPIIF) has spent a considerable amount of its risk management resources alerting members of the legal profession to the increasing risks associated with cybercrime. The warnings have, unfortunately, either gone unheeded in many cases or reached the intended recipients too late as can be gleaned from the more than 137 cybercrime related claims notified to the insurance company since 1 July 2016 when the cybercrime exclusion (clause 16(o)) was implemented in the Master Policy. The value of repudiated cybercrime claims now exceeds R85 million. This figure only represents those claims that are reported to the LPIIF.
The number and value of cybercrime claims reported by legal practitioners to the commercial market are not made publically available as is the data for such claims where members of the profession have to bear the losses as a result of not having appropriate risk transfer measurers (insurance or otherwise) for this risk. Ongoing attempts by the LPIIF over a number of years to get the law enforcement agencies (the police and the National Prosecuting Authority) to prioritise the investigation of these matters have, unfortunately, not met with any traction. We have even offered to make specialist resources available and have had discussions with a number of the other stakeholders (including some of the banks) who had undertaken to provide assistance to the law enforcement agencies investigating these crimes.
At times, the lessons to be learned from certain risks are best taught by relating ‘war stories’ as will be demonstrated in an examination of a recent matter where the court found a practitioner liable for a loss suffered by her clients following on cybercrime.
Telephone: (012) 622 3928