Randy Evans, left, and Shari Klevens, right. (Courtesy photos)
Statistics regarding the type, frequency and severity of legal malpractice claims submitted to insurers during 2016 were released at the end of June. From the law firm and attorney perspective, the news is generally good in that the number of malpractice claims has remained relatively steady. For insurers, however, the news is less rosy, because legal defense costs, claimed damages and settlement sums continue to climb.
In its seventh annual survey, Ames & Gough, a risk and insurance adviser to the country’s largest law firms, provides data relating to legal malpractice claims submitted last year. The survey includes information obtained by polling nine leading insurance companies that insure approximately 80 percent of the Am Law 100 firms.
While the frequency of legal malpractice claims has remained near constant on a year-over-year basis, it continues to remain well above the prerecession level, perhaps indicating a “new normal.” Notwithstanding this relative stability of claim frequency, claim severity continues to be an issue.
Indeed, the data show that legal malpractice claims are becoming more expensive, both in the potential damages and in the defense. With respect to damages, 6 out of 9 insurers reported claims for which they maintained reserves exceeding $500,000, and at least one insurer paid a claim exceeding $100 million.
With respect to defense costs, all participating insurers reported an increase. The factors primarily driving these increases are claim complexity and e-discovery, along with defense rate increases. As to the latter, a majority of insurers reported at least a 2 percent increase in average rates paid to defense counsel.
Conflicts remain the most common error resulting in legal malpractice claims. Nearly all participating insurers cited conflicts as either the first or second biggest cause of claims. Interestingly, about half of participating insurers witnessed an increase in conflicts claims involving lateral hires, some of which stemmed from inadequate resolution of a conflict of interest.
Cyber-related malpractice claims have continued to rise, with the majority of insurers indicating more cyber claims last year than in prior years. Of those insurers, four noted that most cyber events involved hackers. This trend is not at all surprising, given the increasing number of news stories involving global hacking operations and ransomware threats.
These data points can be extremely useful tools for attorneys and firms to identify potential areas of risk and prepare accordingly. In light of these trends, law firms may wish to consider the following tips to help avoid becoming another malpractice statistic.
Shore Up Conflicts Protocols
Claims involving conflicts are notoriously easy for a malpractice plaintiff to explain to a jury. Juries also appear to treat such claims seriously, because they suggest an attorney’s violation of one of the utmost duties owed to clients: loyalty. As a result, it is worthwhile for firms to ensure that they have the proper systems in place to identify and resolve conflicts.
The survey results show the importance of thorough conflict checks, using established systems and data, before beginning a representation. Attorneys and firms also can benefit from ensuring that, when they check for conflicts, they are using complete and adequate information.
The system is only as good as the information it contains and the search being conducted. If an attorney is not thorough about which parties are actually involved in a litigation (whether as named parties, interested parties or related entities), a conflict of interest might go completely unnoticed. This is particularly so in actions involving corporations with unnamed parents or related or interested parties.
In the case of lateral hires or law firm combinations, it is critical that firms do their due diligence. Conflict checks in these situations require special attention. When recruiting laterals or pursuing mergers, many law firms will consider the potential for conflicts and take appropriate measures to protect the firm against their consequences by addressing any conflict issue as soon as possible.
Implement or Update Technology Security Protocols
Technology enables attorneys to conduct business on the go, but it also puts client and firm data at risk. Law firms can minimize the risk of a data breach by implementing or revising protocols designed to protect information on the firm’s secure environment and on devices, like smartphones and laptops.
As the new data results show, hackers still pose a great risk to attorneys and law firms. This is confirmed by recent headlines. In May, for example, the WannaCry ransomware attack impacted hundreds of thousands of computers in over 150 countries. And just last month, the Petya/Petrwrap ransomware outbreak went global, infecting at least one large law firm. The threat posed by hackers is real.
Firms can do things to help protect their data, however. One step that can help reduce the risk of data transmitted outside of a firm’s secure environment being intercepted is to encrypt it. With software or the use of a virtual private network (VPN), law firm personnel can make sure that all data transmitted to third parties or over public networks is protected.
Regarding devices, many firms require highly secure passwords that must be changed regularly, both for access to firm systems and for access to the devices themselves. Some firms may also consider remote-wiping, which deletes all data or confidential information on a device that is lost or stolen. This can help reduce the risk from sophisticated hackers as well as from those who discover a lost device and then gain access to all of a firm’s systems.
Consider Cyber Liability Insurance
In general, a lawyer’s professional liability insurance policy may cover a firm for a malpractice claim by a client that arises from a breach relating to data. However, many law firms mistakenly believe their traditional malpractice policy will cover any number of cyber-related claims, even those that do not result in a traditional malpractice claim. This might not be the case. Typically, the broadest coverage is provided by purchasing a policy that is specific to cyber-related issues, which are often unrelated to traditional legal malpractice claims.
Standalone cyber policies can help provide coverage for costs outside a traditional malpractice claim, such as those related to satisfying regulatory reporting requirements, internal costs to repair the firm’s systems, reputational costs, business interruption and any damage to first-party data that would not otherwise be covered under a traditional professional liability policy.
By evaluating and incorporating some of these tips, law practices can lower the likelihood of receiving a claim with a potentially devastating impact.