Insurance coverage for cyberattacks can be tricky for anyone to navigate, including lawyers. To illustrate this point, a case in New Jersey caught my eye that I thought would be an interesting read for our followers who are lawyers.

In the case of SIMIE Mutual Insurance Co. v. Rankin, No. 23-cv-3974, 2023 WL 4763390 (D. N.J. July 25, 2023), lawyer John Rankin was the victim of an email scam that compromised his email account. He and his clients were involved in a real estate deal, and his clients received an email from the lawyer advising them to wire $437,000 to a title company.

Unbeknownst to the clients, the lawyer’s email account had been compromised, and the instructions were coming not from their lawyer, but from the threat actor who had taken control of the lawyer’s email account. The clients followed the instructions and wired the funds to a fraudulent bank account. The funds were not recovered. The clients made a claim against the lawyer for the funds lost, and he apparently notified his professional liability insurance company of the claim.

The professional liability insurance company (SIMIE) has alleged in a Complaint that the policy does not cover cyberattacks, and that the lawyer could have purchased a cyber liability policy but did not. The insurance company is seeking an order from the court that there is no coverage for the claim. Lesson learned: For professionals –understand the different coverages that may apply to your business, including for cyberattacks. Relying on a professional liability policy for coverage following a cyberattack may not serve you well.

Photo of Linn Foster Freedman Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her…

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law.  Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.