Cyber FAQs
Experienced a cyber breach?
If you suspect your emails have been compromised contact Lawcover’s Cyber Policy Response Team
Frequently Asked Questions
Who is the Insurer of the cyber risk insurance policy?
The 2025/26 cyber risk insurance policy is underwritten by Tokio Marine Kiln. Although Lawcover has arranged and purchased the policy, the cyber insurance relationship otherwise operates directly between the insured law practice and Tokio Marine Kiln.
Additional Privacy Obligations
Changes to the Privacy Act 1988 (Cth) from February 2018 require mandatory reporting of eligible data breaches for many law practices.
Regardless of size, all law practices should be aware of the privacy legislation because:
- Larger practices with annual turnover in excess of $3 million are subject to the legislation by default
- Practices holding tax file numbers are subject to the legislation for the purposes of those records
- Many law practices hold health records, which fall within the legislation (for example practices acting in personal injury litigation and holding medical information or practices holding medical certificates in relation to individuals’ legal capacity for the purposes of powers of attorney)
If your law practice falls into any of these categories it is required to comply with the new privacy regime.
Even if your law practice does not fall within this regime, protection of clients’ sensitive information is required under Solicitors’ Rules. Adequate cyber security protection is therefore an important component of modern legal practice.
What if I already have a cyber risk insurance policy?
Lawcover’s cyber risk insurance policy is available to your law practice, whether or not you already hold separate cyber risk insurance.
How do I notify a cyber event or data breach on the cyber risk insurance policy?
To notify a cyber event under the policy, the law practice should contact the cyber incident response team at Colin Biggers & Paisley Lawyers (CBP Lawyers) who will make an initial coverage assessment. Notifications must be made as follows:
| By telephone: | 1800 4BREACH (1800 427 322) |
| By email: | Email submission |
The CBP Lawyers cyber incident response team will assess the notified cyber event and advise the law practice whether coverage is available and if so, will act on a reservation of rights basis from that stage.
Lawcover is not the insurer for the cyber risk insurance policy and notifications should be made directly to the CBP Lawyers incident response team as above.
Where do I get more information?
Click here to access all Lawcover cyber risk information, including a copy of the cyber risk insurance policy.