The QLS Cyber Essentials Insurance policy provides up to $50,000 per claim(*) for Member Practices subject to data theft, accidental data release and hacking. The policy covers selected first party losses, picking up where the Lexon third party cover ends.
Any Member Practice that knows or suspects it has been subject to attack should contact the hotline on 1800 027 428 (available worldwide 24/7/365) for immediate review and assistance. No excess is payable unless a claim is lodged.
The following cyber incidents are covered:
- Privacy incidents (loss of personal data)
- Network security incidents (malware, hacking, unauthorised access)
- Extortion and ransomware
- Cyber crime (theft of money)
- Business interruption.
Before considering the product’s suitability for your particular circumstances always consult the full policy document terms and conditions.
Costs covered include:
- Incident manager
- Network repair
- Forensic investigation
- Specialist IT assistance
- Dealing with regulators
- Notifying clients
- Call centre
- Specialist legal advice
- Public relations
- Credit monitoring for affected clients
- Ransom payments and negotiations
- Data recovery
- Limited business interruption costs
All QLS Member Practices also insured by Lexon are covered by the QLS Cyber Essentials Insurance Policy from 31 August 2023 – 31 July 2024. Policy continuation from that date cannot be guaranteed. Cover is subject to the Group Policy Limit (see below) and benefits may reduce where the firm does not comply with minimum data protection obligations.
A QLS Member Practice is a practice where each Principal is a full QLS member. For definition of Principal, see Legal Profession Act (Qld) 2007 s 7.
Provided your practice is a QLS Member Practice and obtains your professional indemnity insurance through Lexon, Cyber Essentials Insurance will apply without any further action on your part.
Not sure if your practice is a QLS Member Practice? Contact the Records and Member Services Team at firstname.lastname@example.org or on 1300 367 757.
Group Policy Limit (*)
The total loss insured under this policy is an aggregate of ten million dollars for all Member Firms collectively ($50,000 per Member per incident). Losses during a policy year in which claims exceeding that aggregate limit have been made will not be accepted. Based on the claims history from 2019 – 2022 it is unlikely that this limit will be reached, but QLS cannot exclude the possibility.
Firms which obtain Top Up Cover will not be subject to the Group Policy Limit.
Top Up Cover
Top Up Cover may be obtained by applying with this completed form to Mitchell.O'Donnell@marsh.com. All Members are encouraged to consider their exposure and the likely cost of repairing their own firm’s network and data if a serious incident occurs.
Third party losses suffered by clients are insured by the Lexon PII. The insurer may require additional security measures prior to granting Top Up Cover.
Your firm’s cover may reduce if you do not protect your network environment appropriately. Requirements include:
- only use supported software (software for which the supplier is monitoring vulnerabilities and supplying updates)
- ensuring all software patches are applied promptly (a progressive penalty excess applies for patches not applied longer than 45 days from them becoming available)
- exclusion of loss arising from the Log4J vulnerability or Microsoft Server Vulnerability (CVE numbers: 2021: 044228, 2021: 26855, 26857, 25858, 27065, 11510, 8260, 8243 & 22893)
Full terms and conditions
The full wording of the policy, including important limits and exclusions, can be obtained from the following link: QLS Chubb 2023 - 2024 Insurance Policy
Only Members can view the schedule, and will need to give a confidentiality undertaking before obtaining a copy.
Make a claim
If you need help, call the Incident Response Hotline on 1800 027 428 (available worldwide 24/7/365).
An incident manager will help you decide whether there is an issue that requires follow up. This triage is free, and no excess is payable until you have established that an insured event has occurred and help is needed. Expert help is available from the insurer’s panel of industry leading specialists or you can Bring Your Own Expert (talk to your incident manager about how to arrange that first.)
To move from the initial assessment to activate a formal claim, the following will be needed:
- insured name
- date of loss
- nature of cyber incident including a brief summary of facts and circumstances
- confirmation as to whether an IT specialist has been instructed, and if so, please provide details of the IT specialist and copies of any retainer
- copy of any IT reports or screenshots of the cyber incident
- contact person.
Standard cover is $50,000. Whether this is adequate will depend on your firm’s circumstances.
24 hours a day, seven days a week.
For questions or comments contact the QLS Ethics and Practice Centre on email@example.com.