Viewpoint: AI, Cyber Top List of Complex Legal Professional Liability Claims to Watch

The lawyers professional liability segment hasn’t been immune to increasing claims frequency and severity as growing economic challenges and an ever-evolving legal landscape heighten the exposures faced by law firms.

Despite a slight reprieve during 2020 when the COVID-19 pandemic shut down the courts for some time, the number of malpractice claims against law firms has been steadily rising year over year since 2019. But what is even more worrisome than the growing frequency is the severity attached to these claims.

In the 2023 Ames & Gough survey, 10 lawyers professional liability carriers responded that legal malpractice claims frequency appears to have stabilized the last few years, but “rising claims severity continues to be a major challenge for law firms.”

According to the survey, two carriers surveyed paid claims between $150 million to $300 million, and seven out 10 of the reporting insurers paid out claims of more than $50 million in the last two years. Nine of the 10 insurers surveyed again reported paying higher defense costs and higher defense counsel rates in 2022 compared with 2021.

Typical lawyer malpractice claims include:

• Conflicts of interest.
• Misapplications of the law or attorney work on a case outside their area of expertise.
• Missed deadlines or calendaring mistakes that affect the outcome of a case.
• Poor communication with client.
• Disputes between attorneys and clients.

But there are also several other evolving claims trends claims professionals should be watching:

1. Cyber risk

As cyber risks grow globally, law firms and their clients are finding themselves victims of complex criminal schemes.

The most frequent cyber claims currently are related to phishing and social engineering schemes. Because law firms routinely possess clients’ confidential information, they are prime targets for hackers. Financial, credit and account banking information, healthcare records, Social Security numbers, employment files, family history and other personally identifiable information are a treasure trove for cybercriminals looking to exploit firms with weak processes and system protocols.

Law firms are increasingly falling victim to schemes that involve someone clicking on a compromised link or responding to a phishing email, giving a hacker access to the firm’s or insured’s computer network. We’ve seen numerous situations where these cyberterrorists have accessed the email accounts of a client or law firm and learned of the timing and financial details of real estate or other business transactions. The criminals have been successful in duping unsuspecting individuals into changing bank routing and account numbers, either by a fraudulent email or phone call, telling them there has been a change in the banking information and to wire the funds to a new account. Not surprisingly, the funds end up being wired into the criminal’s bank account instead of the intended recipient’s account. Recovery of the funds is often very difficult and, in many cases, impossible.

It is imperative that law firms provide regular cyber training for all employees and have strong cybersecurity measures in place to ensure no staff members unwittingly fall victim to a social engineering scheme.

As these cybercrimes continue to evolve and become more sophisticated, insurance coverage available to law firms is also changing. In the past, a law firm’s professional liability policy was most likely silent or ambiguous on cyber losses. This left insureds uncertain if a phishing attack or other cyber-related loss was covered by their policy. Additionally, and to complicate coverage for an insured, many lawyers professional liability policies excluded loss arising from the conversion or co-mingling of funds. Recently, however, insurance carriers have been clarifying their policy terms to explicitly define exactly what — or if — coverage is available for particular cyber-related claims.

Insurance producers and insureds should know if their professional liability policy includes coverage for these losses. If cyber losses are excluded, a cyber endorsement or sublimit may be available by the carrier.

2. Carrier lawsuits against their insurance defense firms

A few decades ago, lawsuits by an insurance carrier against its panel firms for malpractice were rare. Today, however, in numerous jurisdictions, the courts have allowed malpractice suits by carriers against the firms they retained to represent an insured’s interests, as long as no conflict of interest between the carrier and the insured exists.

Some claims examples include:

• When a defense firm fails to file an answer to a complaint on behalf of a client, resulting in a default judgment that then is paid by the carrier.
• When a defense firm takes an overly aggressive position during discovery that results in sanctions or evidence being barred from being introduced at trial.
• Failing to timely secure experts or witness testimony.

If these types of situations occur, the resulting loss suffered by the carrier (and insured) may subject the law firm to a claim for subrogation by the carrier for malpractice.

In contrast, some jurisdictions, like California, prohibit the assignment of a malpractice claim through subrogation. Thus, for insurance defense attorneys, it is important to know the law of the jurisdiction and what conduct may or may not subject them to liability.

3. Artificial intelligence (AI)

The meteoric rise of the use of artificial intelligence (AI) in business and legal communities is still in its infancy but is being watched with great interest in the insurance markets. With the promise of efficiency and savings, the temptation for businesses and law firms to use AI must be measured against the increased risk of claims for data and privacy breaches, intellectual property violations, errors and false information and reputational damage.

An attorney using AI to write legal documents runs the risk of false information being generated by AI or the inadvertent disclosure of attorney-client-protected confidential information, all which may result in a malpractice or disciplinary claim against them.

Whether this becomes a significant issue for the legal industry remains to be seen. According to the New York Times, “the legal profession has been identified as a ripe target for AI automation in the past,” but AI hasn’t proven to be a true disrupter, yet.

Law firms should have a clear understanding of their professional duties when using AI tools and take steps to mitigate the risk of potential claims, including conducting a thorough review of any AI-produced documents.

Economic challenges increase law firm exposure

In challenging economic times, claims severity and frequency generally trend upward. Struggling companies looking to shift the blame for bad business deals or clients looking to avoid paying legal expenses may be inclined to make claims for malpractice against their attorneys.

Law firms can take steps to mitigate this and other potential risks:

• Carefully select clients. Not every prospective client is one a firm should take on, particularly if they are in financial distress and have had multiple law firm engagements on the same matter. Law firms can avoid headaches by thoroughly vetting potential new clients and avoiding the urge to grab every new client that comes through the door. Understand that suing a financially struggling client for fees usually invites a claim for malpractice which must be tendered to your insurance carrier, so it may be best to avoid the representation in the first place.
• Establish a detailed engagement agreement and keep good documentation. All legal arrangements should be detailed and agreed to by the client in writing. The agreement should be clear with who is being represented and the scope of the engagement. If the engagement should change over time then the agreement should likewise be amended.
• Maintain vigilance when communicating with clients. Doing business over text may be a fast way to communicate with a client but it may also open up the door to a malpractice claim. For example, that quick reply text to a client about contract wording and its intent may not be as robust as needed in that instance. When a dispute arises about the intent or when a client complains that it wasn’t fully explained to them, that text message may be problematic.

With so many evolving risks and challenges facing law firms, comprehensive risk management resources are essential. Agents and insureds should familiarize themselves with and take advantage of their carrier’s risk management services to avoid costly claims.