The final layer of protection to discuss is a last-resort option, but a necessary one: insurance.

There are insurers who offer protection for losses due to cyberfraud. The mandatory insurance provided by SLIA/CLIA has some cyber protection, for example.

Cyber-insurance is not the ultimate answer, though. There can be significant limitations in a policy, so carefully review it to ensure it is worth the cost. The increase in cyberfraud has caused insurers to be much more restrictive in coverage, and adequate protection may be cost-prohibitive. This does not mean insurance should be ignored, but the other measures discussed in this module must also be implemented.

The types of insurance vary as well. Some include coverage for the cost of data recovery, or even ransom payments (up to limits, of course). The thing to remember is that the actual insurance recovery is usually only a fraction of the losses that cyberfraud can cause. If a law firm is unable to conduct business for a long period because it cannot use its computers or data, the cost can be enormous. Business interruption insurance may help with this. There might also be a reputational hit, and insurance might be sought for that as well.