Helping Law Firms Stay Connected and Resilient

Digital connectivity has made law firms faster, smarter, and more collaborative - but as recent events have shown, it’s also tied firms’ success to systems they don’t control. In October, a major cloud-services outage at Amazon Web Services brought over 1,000 websites and apps around the world to a halt.¹ In recent years, a cyber-attack on a shared IT provider paralysed dozens of UK conveyancing practices, leaving them unable to complete transactions or serve clients.²

At a time when tech crises can ripple through the legal industry in minutes, brokers play a pivotal role in ensuring firms stay operational - and trusted - when disruptions strike.

For law firms, these events serve as reminders that business continuity and operational resilience can’t be check-box exercises. Brokers have an opportunity to ensure risk management practices are embedded, active and evolving in their clients’ firms.

Philippa Wilkin, Senior Risk Management Consultant at Travelers Europe

Why resilience matters in the legal sector

In law firms, minute-by-minute access to systems, secure data and workflows is critical. Missed deadlines, lost client files or inaccessible portals aren’t just operational nuisances - they can lead to regulatory breaches, reputational damage and client service failure.

Dependencies extend beyond the firm. A failure at a third-party provider can cascade to many practices at once. For brokers, advising law firm clients requires an all-encompassing assessment of continuity and resilience. Taking these actions can help:

1. Map critical services and dependencies

Any meaningful resilience plan starts with a realistic inventory. Assess what absolutely must continue when things go wrong. For a law firm, this might include secure file-access systems, client communications tools, court-filing portals, remote working connectivity, and vendor-provided cloud services.

Questions to ask: Which external cloud, internet or software vendors does the firm rely on? Are there single points of failure? Where across the supply chain might things go wrong? (This "Q2 2025 Cyber Threat Report" from Travelers Europe may help manage risks beyond the firm.)

2. Assess third-party vendor risk – and insurance implications

Law firms commonly depend on cloud, data centre and software vendors. Brokers can ensure clients understand vendor failure is a continuity risk and not just a cyber risk. Continuity assessments should include reviews of contractual terms with providers and determine whether existing insurance protects against vendor service interruptions.

Questions to ask: Can the vendor survive its own cyber-attack? Is there alternate access if cloud services are down? Does the firm’s insurance include business interruption cover from third-party failure? If not, what protections are in place?

3. Test – because plans alone aren’t enough

Law firms should test a number of scenarios so they understand how they would respond to a vendor outage, a cloud platform being down, or a ransomware lockdown. It’s important to look beyond technology too, asking how these risks might impact the firm’s people, processes and client communications. Regular testing can reveal gaps, build muscle memory and ensure the firm treats the plan as an active discipline - not a “set it and forget it” exercise.

Questions to ask: If the cloud platform goes dark, can lawyers still access files and communicate with clients? Do they have manual workarounds? Who steps in? How are clients notified? If a vendor fails, when does the continuity plan kick in, and what is the escalation path?

4. Communicate through the disruption

When disruption happens, the immediate focus often falls on fixing the technology. But leadership, messaging and decision-making are equally important. Brokers can encourage firms to include communication protocols in their continuity plan, as well as templates for staff, clients, regulators, and vendors. These should be tested alongside technology scenarios. Clear and timely communication can mitigate reputational damage and preserve client relationships.

Questions to ask: Does the firm know who declares the incident? Who communicates internally and externally? How are clients informed?

5. Manage compliance, regulation and governance

Updates and changes in regulation can leave law firms open to unexpected risks when it comes to operational resilience and ensuring business continuity. A disruption that affects control systems, legal processes, or client workflows can have regulatory implications.

Brokers can frame resilience not only in operational terms, but also as part of a law firm’s governance and regulatory compliance. This can include mapping how continuity failures might trigger regulatory breaches and ensuring insurance cover reflects those exposures.

Questions to ask: Is there a clear process for keeping up to date with regulatory guidance? Would the firm benefit from specialist compliance advice from a third party?

6. Link resilience to insurance strategy

The stronger the resilience framework, the more favourable the underwriting conversation. Brokers can partner with clients to articulate how to mitigate continuity risks, perform tests, and oversee governance. This helps firms to demonstrate preparedness, which in turn can support better cover terms and risk differentiation.

Questions to ask: Does the PI/cyber/business interruption policy explicitly address vendor failure? Is there insurance in place if a cloud platform outage causes mass disruption? How does the governance of continuity affect the firm’s risk profile? (These "Five Things Brokers Should Know About Cyber Insurance" may help guide the conversation.)

7. Track lessons learned

Even the best plan will reveal gaps once deployed in a live (or simulated) event. That’s why post-incident reviews are vital. Every disruption or exercise should trigger a “what went well/what didn’t” review and feed plan updates to ensure the continuity programme evolves.

8. Supplement risk management with appropriate insurance protections

Brokers can encourage clients to embed business continuity oversight into governance (board minutes, risk committee reviews), monitor vendor health, and treat resilience as a dynamic discipline. Insurance wraps around those risk management practices, strengthening the safety net. Brokers can ensure their clients have cyber liability insurance to appropriate levels based on their business needs and risks. It can protect the business from evolving cyber threats and help them resume trading with minimal interruption in the wake of a cyber-attack.

Outages and cyber-attacks are wake-up calls for firms and opportunities for brokers to help strengthen clients’ protection. Taking action to support continuity and resilience can preserve a firm’s reputation, compliance and service at a time when the unexpected can easily become reality.

Philippa Wilkin, Senior Risk Management Consultant at Travelers Europe

For more information on Travelers Solicitors PI insurance visit: https://www.travelers.co.uk/what-we-cover/professional-indemnity-insurance/solicitors-law-firms or for cyber: https://www.travelers.co.uk/what-we-cover/cyber-insurance.

This article is provided for general informational purposes only. It does not, and it is not intended to, provide legal, technical or other professional advice, nor does it amend, or otherwise affect, the provisions or coverages of any insurance policy issued by Travelers. Travelers does not warrant that adherence to, or compliance with, any recommendations, best practices, checklists, or guidelines will result in a particular outcome. Furthermore, laws, regulations, standards, guidance and codes may change from time to time and you should always refer to the most current requirements and take specific advice when dealing with specific situations. In no event will Travelers be liable in tort, contract or otherwise to anyone who has access to or uses this information.
 
Travelers operates through several underwriting entities in the UK and Europe. Please consult your policy documentation or visit the websites below for full information.

travelers.co.uk  travelers.ie

Sources
¹ https://www.bbc.co.uk/news/articles/c20pgp3nx07o
² https://www.lawgazette.co.uk/news/dozens-of-conveyancing-firms-paralysed-by-cyber-attack/5118045.article