The digital era brings exciting technology for the processing, storage, and manipulation of information that is useful for accountants and lawyers. As a professional, it is your responsibility to protect your client's data by all means necessary. However, digital technology bears the risk of cyber breaches, which could lead to the exposure of confidential information. When a breach occurs, how can you protect yourself from cyber liability claims? Below is an explanation of cybercrimes targeting your practice and how you can protect yourself through engagement letters.

 

What Motivates Cyber Crimes?


Cybercrime refers to crimes that use computers to commit offenses. There are several types of cybercrimes, each with different motivations. Crimes such as social engineering, identity theft, and phishing hunt for personal information. Usually, cybercriminals will go for the following:

  • Personally identifiable information (PII) such as social security numbers (SSNs), names, addresses, or birthdates
  • Financial information such as banking details, billing accounts, and insurance information
  • Health information, including health records and medical insurance
  • Payment card information
  • Credentials such as account information, usernames, and passwords
  • Education information, including enrollment details and transcripts

 

What Can Cyber Criminals Do with Stolen Information?


Most of the stolen information ends up on underground markets where criminals can access it. The data can be used to commit identity fraud, file fraudulent tax returns, create counterfeit cards, make purchases, launch phishing attacks, and blackmail others, among other crimes.

 

What are the Costs of a Cyber Breach?


A report by IBM and Ponemon Institute places the cost of a data breach for a business at $392 million. The cost is highest in the United States at $8.19 million. The healthcare industry and financial industry topped the list in terms of breaches at $6.45 and $5.86 million, respectively. These costs include legal fees, regulatory fines, lost business, and lost value.

It is worth noting that the effects of a data breach last long after the attack. 67% of the costs come in the first year, 22% in the second year, and 11% in the third year. Equifax is still feeling the effects after a data breach in 2017. Cumulatively, the attack has cost the giant company more than 1.5 billion USD. While these costs reflect large businesses, it is crucial to note that small businesses are also targets. Criminals do not look for the biggest jackpot, but the easiest.

In 2012, Trustwave found that 90% of the data breaches targeted small businesses. At the time of the study, the cost of a data breach averaged anywhere between $36,000 and $50,000. This cost does not include any expenses you might incur as fines, forensic investigations, customer notification, and loss of business. A different study conducted in 2015 to 2016 found that small businesses spent an average of $879,582 due to the damage or theft of IT assets after a breach. Also, the disruption of normal business operations cost $955,429. The hardest part is that 60% of small companies go out of business after an attack.

 

Why Are Engagement Letters Important?


Engagement letters are legally binding


Engagement letters provide security for you and your client. When a dispute arises, you can fall back on the engagement letter for interpretation. You also reduce any vagueness arising from verbal agreements. Also, an engagement letter lays down all the procedures for communication, security, and dispute resolution.

Engagement letters set expectations


Clients will come to you for specific services and expect a price to which they can agree. However, without a clearly described scope of work, you may end up offering services for free. An engagement letter protects your practice from scope creep.

Engagement letters reduce risk


Engagement letters reduce your professional liability insurance premiums. Any negligence on your part will cost you more on insurance.

 

How Can Engagement Letters Reduce Cyber Liability Claims?


In this digital era, most information is stored online or on computers. While these machines are efficient, they also come with a cyber-breach risk. After taking all measures to protect client information, your professional practice can lose data to a breach.

Accountants and lawyers are held liable for their clients' information. When a breach occurs, you will be held responsible for losing client information. Ultimately, not all breaches are preventable, but you can work towards mitigating risk. As explained earlier, engagement letters lay down the specifics of the relationship between you and your client. The elements in your letter are crucial in reducing cyber liability claims.

 

Communication Protocol


An engagement letter should lay down the rules for electronic communication and the cybersecurity protocol in place. You and your client need to agree on a means of communication, such as email. The discussion should also include talks on the risks involved. For example, the use of unencrypted emails poses more risks than encrypted mail. While your business may take all reasonable measures to secure the emails, you may have no protection against unauthorized access.

In this case, the engagement letter should include a clause that states the agreed means of communication and the measures, if any, to be taken to prevent a hack. Since engagement letters are legally binding, clients cannot sue if a breach occurs. However, should you include cybersecurity measures, be sure to inform the clients of the cost due.

 

Limitation of Liability Clause


Alternatively, you can include an absolute liability waiver. This clause waives any liability for the loss of personal data resulting from a breach. These waivers are also known as limitation of liability clauses. They are not always legally enforceable and vary depending on the jurisdiction. However, they are an excellent defense, especially if you took all reasonable measures to protect client information.

 

Alternative Dispute Resolution Clause


Alternative dispute resolution (ADR) methods take a shorter time than lawsuits. In the event of a dispute, it is better to go to an arbitrator or mediator. Aside from being speedy, an arbitration hearing allows you to present your case before a technically minded person. The person listening to your plea will have an understanding of the technicalities in your industry. It is, therefore, essential for you to include an ADR clause in your engagement letter. When a dispute arises due to a cyber-breach, your client cannot take you to court.

 

Indemnity Clause


An indemnity clause lays out the compensation due to your client when a breach occurs due to your actions or lack of effort. More specifically, indemnity clauses specify the conditions under which you can indemnify the client. By determining the compensation due and the circumstances, you will have a better understanding of the liability in case a breach occurs. Any payment you make depends on the scope of indemnity and the duration of the indemnity.

 

 

There are several ways to navigate cyber liability claims, and we at Protexure have the requisite experience to guide you. With professionally crafted engagement letters and professional liability insurance to fall back on, you can protect your practice against any claim. Contact us today for more information on cyber liability claims.