- Become a Lawyer
- Become a Principal
- Visiting Lawyers
- Membership Services
- How to Become a Member in Alberta
- Billing Cycles, Filing Deadlines and Other Key Dates
- Status Options & Contact Information Changes
- Making a Payment to the Law Society
- Membership & Indemnity Program Renewals
- Member & Indemnity Certificates
- Indemnity & Indemnity Exemptions
- Professional Corporations (PCs)
- Limited Liability Partnerships (LLPs)
- Complaints
- Alberta Lawyers Indemnity Association (ALIA)
- Western Canada Competency Profile
- Continuing Professional Development
- Practice Advisors
- Trust Accounting & Safety
- Practice Management Consultations
- Equity Ombudsperson
- Fraud & Loss Prevention
- Approved Legal Services Providers
- Forms & Certificates
Please review the FAQs below for more information on the Universal Cyber Coverage Program.
Webinar Video: Breach Response and Privacy Obligations
Meet the cyber breach coach from Norton Rose Fulbright and learn about your obligations in the event of a breach. View a PDF of the slideshow here. Topics include:
- High-level regulatory privacy obligations in Alberta and across Canada
- Your obligations when your vendors (third parties) have breaches of personal information
- What happens when non-compliance is discovered
- Typical steps when a breach happens and the vendors that are usually involved in remediation
The Universal Cyber Coverage Premium for the July 1, 2024, to July 1, 2025, policy period, the payment of which is the responsibility of each Subscriber, remains the same as last year: $265 per Subscriber.
The Universal Cyber Coverage Premium for 2024-2025 is included in the annual levy invoice available online through the Law Society of Alberta’s Lawyer Portal and must also be paid on or before June 30, 2024.
Subscribers who are required to pay the Professional Liability / Negligence levy are also required to pay the Universal Cyber Coverage Premium. As such, the Subscriber and their law firm will be covered under the Universal Cyber Coverage Program (the “Beazley Policy”) automatically.
Subscribers can download a Cyber Coverage Certificate from the Law Society of Alberta’s Lawyer Portal. Certificates for the policy year commencing on July 1 in each year are available shortly after the policy year commences. Certificates for previous policy periods are also available.
Effective December 31, 2022, to July 1, 2024, the universal cyber coverage policy was provided by Zurich Insurance Company Ltd. (“Zurich”). Effective July 1, 2024, universal cyber coverage is provided by Beazley Canada Limited (“Beazley”) through their cyber policy (the “Beazley Policy”). It is expected the Beazley Policy will run annually each year from July 1 to July 1.
Claims of which Subscribers become aware during the period December 31, 2022, to 12:01 a.m. on July 1, 2024, should be reported to Zurich pursuant to the Cyber Coverage Certificate for Zurich’s cyber policy (the “Zurich Policy”). Notices of claims must be provided as soon as possible and in no event later than 60 days after the end of the policy period. Claims of which Subscribers become aware during the period December 31, 2022, to 12:01 a.m. on July 1, 2024, and are not reported within this timeframe will not be covered by the Zurich Policy or the Beazley Policy.
Claims of which Subscribers become aware from and after 12:01 a.m. on July 1, 2024, should be reported to Beazley pursuant to the Cyber Coverage Certificate for the Beazley Policy.
Cyber Coverage Certificates for each period are available in the Law Society of Alberta’s Lawyer Portal.
Subscribers who are required to pay the Professional Liability / Negligence levy are also required to pay the Universal Cyber Coverage Premium. As such, the Subscriber and their law firm will be covered under the Universal Cyber Coverage Program automatically in each year that they pay the Professional Liability / Negligence levy, for such time as they are covered by ALIA’s mandatory indemnity program.
If a Subscriber is suspended, they will not have coverage. If there are other Subscribers at the law firm who have paid the levy, they should report the claim.
ALIA recommends that all Subscribers and their law firms practice good cyber hygiene, such as implementing critical network security controls and training staff to protect themselves and their law firm from a cyberattack. Information on cyber hygiene can be found here.
Please familiarize yourself with the Beazley Policy coverage, limits and exclusions. Descriptions of coverage are found in the FAQs; however, Subscribers and their law firms should review the Beazley Policy in full. The Beazley Policy and its limits can be viewed in the Law Society of Alberta’s Lawyer Portal.
Cyber policy information is stored in the Law Society of Alberta’s Lawyer Portal to protect it from cybercriminals who search for this information.
Effective July 1, 2024, the previous insurer, Zurich, was replaced with Beazley. After many months of research, ALIA, assisted by Aon, selected Beazley to provide this coverage. Although there were no concerns with the service provided by Zurich, ALIA works to ensure that its Subscribers continue to receive the best value for their premiums / levies, and the increased coverage provided by Beazley merited the switch in insurers. Subscribers do not have to take any action for the switch in coverage to take place on July 1, 2024.
Like Zurich, Beazley is one of the top insurers in Canada for cyber risk and currently underwrites cyber programs and provides 24/7 claims service. In addition, Beazley agreed to enhance the program’s coverage and limits while accepting all Subscribers into the program without going through an onerous application process.
Subscribers should download a new certificate of insurance for the new policy period. This can be downloaded from the Law Society of Alberta’s Lawyer Portal shortly after the policy year commences.
Subscribers who are required to pay the Professional Liability / Negligence levy are also required to pay the Universal Cyber Coverage Premium. As such, the Subscriber and their law firm will be covered under the Universal Cyber Coverage Program automatically once they pay the Professional Liability / Negligence levy and Universal Cyber Coverage Premium.
The Beazley Policy commences immediately after the Zurich Policy expires, providing Subscribers with continuous coverage. The Beazley Policy provides enhanced coverage and limits.
The Beazley Policy and its limits can be viewed in the Law Society of Alberta’s Lawyer Portal.
Claims will need to be reported to either Zurich or Beazley, depending on when the Subscriber first became aware of the claim. Refer to the Cyber Claim Information FAQs for further information.
How does the cyber coverage work for Subscribers who are in private practice and also work in-house?
Subscribers who are indemnified for their private practice work will have cyber coverage for that work. However, if a Subscriber is also working in an in-house role, that work is exempt from the indemnity program and would also be exempt from the Universal Cyber Coverage Program; no cyber coverage is available through ALIA for the in-house work.
The Beazley Policy covers ALIA Subscribers and their Alberta law firm locations if there is no other cyber coverage in place. If there is other cyber coverage in place, the Beazley Policy acts as excess coverage.
If there is no other coverage available and the Alberta location suffers a covered loss, then the Alberta location will have coverage. If office locations outside Alberta are also impacted, then coverage for those locations will depend on the IT infrastructure set-up. Subscribers and law firms should report claims to Beazley as soon as they are aware of a breach so that a coverage determination can be made.
ALIA also recommends that Subscribers and their law firms review the Beazley Policy in full, including the “Other Insurance” section. The Beazley Policy can be viewed in the Law Society of Alberta’s Lawyer Portal.
Cyber policy information is stored in the Law Society of Alberta’s Lawyer Portal to protect it from cybercriminals who search for this information.
Limits
The Beazley Policy and the policy limits are available to Subscribers in the Law Society of Alberta’s Lawyer Portal.
The limits are per law firm per policy year.
Universal cyber coverage ensures that all Subscribers have access to 24/7 claims advice and the expertise critical to managing a cyber breach, such as computer experts and legal advice, as well as financial risk transfer subject to the limits set out in the Cyber Coverage Certificate.
Cyber policy information is stored in the Law Society of Alberta’s Lawyer Portal to protect it from cybercriminals who search for this information.
Description of Beazley Coverage
First-party cyber coverage covers the costs for a Subscriber or their law firm to respond to a data or security breach, such as a data or security breach caused by a ransomware attack. Generally, when faced with a ransomware attack, a Subscriber or their law firm will require legal and IT advice. First-party coverage provides Subscribers with access to these experts. If a Subscriber or law firm has a claim, it should be reported to the insurer immediately. Please refer to the FAQ titled “How do Subscribers and their law firms report cyber claims”.
Breach Response Costs
Reimburses the costs* to respond to a data or security breach. Covered fees and costs include expenses of computer security experts to investigate the security system to determine the cause and extent of a data or security incident, legal expense costs, public relations and crisis management costs, consumer notification and consumer credit monitoring services.
*Costs are for expenses incurred from third-party vendors from Beazley’s vendor panel (e.g., computer security experts, a lawyer acting as a breach coach, a public relations firm) and do not include internal law firm costs (e.g., wages of internal employees to deal with the breach).
Cyber Extortion Loss
Reimbursement for expenses incurred in preventing or terminating an extortion threat and any payments made to prevent or respond to an extortion threat.
Data Recovery Costs
Reimbursement of costs, incurred as a result of a security breach, to regain access to, replace, or restore data, or if it cannot reasonably be accessed, replaced or restored, costs to reach this determination.
Inapplicable Coverages
While the Beazley Policy may refer to third-party coverages other than those summarized above, only the coverages listed in the Cyber Coverage Certificate for the Beazley Policy are provided. The applicable coverages listed in the certificate are Breach Response Costs, Cyber Extortion Loss, Data Recovery Costs, Data & Network Liability and Regulatory Defence & Penalties. Please see the FAQ titled “What coverage is not provided by the Universal Cyber Coverage Program?”.
Any summary of the Beazley Policy contained above is provided for general information purposes only and not as legal advice and is qualified in its entirety to the terms and conditions of the Beazley Policy. Subscribers should review the Beazley Policy, available in the Law Society of Alberta’s Lawyer Portal, to confirm their obligations and coverage in any circumstance.
Cyber policy information is stored in the Law Society of Alberta’s Lawyer Portal to protect it from cybercriminals who search for this information.
Limits
The Beazley Policy and the policy limits are available to Subscribers in the Law Society of Alberta’s Lawyer Portal.
The limits are per law firm per policy year.
Cyber policy information is stored in the Law Society of Alberta’s Lawyer Portal to protect it from cybercriminals who search for this information.
Description of Beazley Coverage
Third-party coverage, or liability coverage, is also referred to as Data & Network Liability and Regulatory Defense & Penalties. It covers legal defence costs and damages for a Subscriber’s or their law firm’s liability to clients due to a security breach or data breach, for example, liability caused by theft or disclosure of confidential information due to a computer security breach or the loss of theft of personally identifiable or confidential third-party corporate information, as well as costs and penalties of regulatory proceedings for a data or security breach.
Data & Network Liability
Liability coverage for defence costs and damages suffered by others resulting from a data breach or a security breach. A data breach includes the theft, loss, or unauthorized disclosure of personal information under privacy laws or confidential information of a third party, for which the Subscriber or their law firm is liable. A security breach includes a failure of computer security, including unauthorized access or use, denial of service attack or infection by or transmission of a computer virus.
Coverage is also provided for the insured’s failure to timely disclose a data or security breach and certain failures of an insured to comply with its own privacy policy.
Regulatory Defence & Penalties
Liability coverage for defence costs, as well as fines and penalties payable to a governmental entity and amounts paid into a consumer redress fund, in a civil regulatory proceeding for a data breach or security breach.
Inapplicable Coverages
While the Beazley Policy may refer to third-party coverages other than those summarized above, only the coverages listed in the Cyber Coverage Certificate for the Beazley Policy are provided. The applicable coverages listed in the certificate are Breach Response Costs, Cyber Extortion Loss, Data Recovery Costs, Data & Network Liability and Regulatory Defence & Penalties. Please see the FAQ titled “What coverage is not provided by the Universal Cyber Coverage Program?”.
Any summary of the Beazley Policy contained above is provided for general information purposes only and not as legal advice and is qualified in its entirety to the terms and conditions of the Beazley Policy. Subscribers should review the Beazley Policy, available in the Law Society of Alberta’s Lawyer Portal, to confirm their obligations and coverage in any circumstance.
Yes. There is a $5,000 deductible applicable to first-party coverage and third-party coverage, which the Subscriber must pay before accessing the coverage limits. Only one deductible applies if both the first-party and third-party coverages are accessed for a claim. The deductible payment does not erode the limit of available insurance; in other words, the limits apply above the deductible amount.
The Beazley Policy and the policy limits can be accessed in the Law Society of Alberta’s Lawyer Portal.
Cyber policy information is stored in the Law Society of Alberta’s Lawyer Portal to protect it from cybercriminals who search for this information.
eCrime, including Social Engineering
The Beazley Policy does not provide eCrime coverage, including financial losses resulting from fraudulent instruction, funds transfer fraud or telephone fraud. These unavailable coverages are, for the most part, social engineering and cybercrime coverages.
Due to the high cost and limited availability of insurers offering coverage for loss of funds due to cyberattacks and social engineering, this coverage is not included. Social engineering uses targeted, fraudulent emails and other communications to dupe a lawyer, law firm or client into performing an action. For example, a cybercriminal will send an email that appears to be coming from a client asking a law firm to redirect the transfer of funds to a different account from what was initially agreed upon. In some cases, the cybercriminal has gained access to the client’s or lawyer’s email account.
Social engineering can be prevented with low-cost, easy steps. For advice on how to avoid social engineering losses, please review the FAQ titled “What can a Subscriber or their law firm do to protect themselves from cyberattacks and social engineering?”. ALIA also publishes ALIAlerts on fraud attempts against Subscribers, including social engineering fraud, with tips on how to avoid these losses. Subscribers are urged to read these tips.
Other Inapplicable Coverages
In addition to eCrime, other kinds of cyber coverages are not provided under the Universal Cyber Coverage Program. While the Beazley Policy language may contain some or all of the following coverages (“Inapplicable Coverages”), only the coverages listed in the Cyber Coverage Certificate for the Beazley Policy are provided. The applicable coverages listed in the Cyber Coverage Certificate for the Beazley Policy are Breach Response, Cyber Extortion Loss, Data Recovery Costs, Data & Network Liability and Regulatory Defence & Penalties.
The following coverages are the Inapplicable Coverages, which are not provided, even though the text of the Beazley Policy may contain some or all of them:
Computer Hardware Replacement
Reimbursement coverage to replace hardware unable to function due to a security breach or system failure, such as computers.
Business Interruption
Reimbursement coverage for the insured for lost income caused by a security breach or system failure and associated forensic and extra expenses.
Dependent Business Interruption
Reimbursement coverage for the insured for lost income and extra expenses caused by a security breach or system failure of a third party that the insured depends on to conduct its business.
Reputational Loss
Reimbursement coverage for the insured for the loss of net profits/losses caused by bad publicity resulting from a security event.
Payment Card Liabilities and Costs (PCI)
Coverage for any monetary amount owed by an insured, as a result of a data breach, pursuant to any agreement with a financial institution, credit/debit card company, credit/debit card processor or independent service operator enabling the insured to accept credit card, debit card, prepaid card or other payment cards for payments.
Criminal Reward
Coverage to indemnify the insured for amounts offered and paid by the insured for information that leads to the arrest and conviction of individuals who commit illegal acts relating to coverage under the policy.
Impersonation Fraud Loss
Coverage to indemnify the insured for losses of the insured’s customers, costs of the insured to provide goods or services to a third party, and other costs resulting from fraudulent electronic communications or websites designed to impersonate the insured or its products.
Media Liability
Liability coverage for certain defense costs and damages suffered by others for content-based injuries such as libel, slander, defamation, copyright infringement, trademark infringement or invasion of privacy.
Any summary of the Beazley Policy contained above is provided for general information purposes only and not as legal advice and is qualified in its entirety to the terms and conditions of the Beazley Policy. Subscribers should review the Beazley Policy, available in the Law Society of Alberta’s Lawyer Portal, to confirm their obligations and coverage in any circumstance.
Subscribers can download the Beazley Policy and view the policy limits in the Law Society of Alberta’s Lawyer Portal.
Cyber policy information is stored in the Law Society of Alberta’s Lawyer Portal to protect it from cybercriminals who search for this information.
If a Subscriber or their law firm wants to secure higher limits or broader coverage than that provided by the Universal Cyber Coverage Program, they should speak to their insurance broker. ALIA’s broker, Aon, can also assist Subscribers and their law firms explore purchasing excess or additional coverage and can be reached via email.
Subscribers should download a new Cyber Coverage Certificate for the new policy period. Subscribers can download a Cyber Coverage Certificate for the Beazley Policy from the Law Society of Alberta’s Lawyer Portal. Cyber Coverage Certificates for the policy year commencing on July 1 of each year are available shortly after the policy year commences. Certificates for previous periods are also available.
The certificate refers to the Subscriber’s law firm as listed in the Law Society of Alberta’s records when the certificate is downloaded. Subscribers should review their certificates to ensure their law firm is current. If a Subscriber moves to another firm, they should download a new certificate with up-to-date firm information. If your certificate does not refer to your current firm, please contact ALIA for assistance.
If a Subscriber or their law firm suffers a cyberattack and cannot obtain a certificate (e.g., they cannot access the Law Society of Alberta’s Lawyer Portal and do not have a physical certificate on hand), they should contact ALIA for assistance.
ALIA recommends that Subscribers and their law firms retain their certificates for each policy period of the Beazley Policy, as well as a copy of the Beazley Policy. Beazley will request certificates from Subscribers and law firms as part of the claims process.
If a Subscriber or their law firm has existing cyber coverage, ALIA recommends discussing whether it makes sense to cancel the coverage with their insurance broker. The existing policy could have broader coverage or higher limits than the coverage provided by the Universal Cyber Coverage Program with Beazley.
The Beazley Policy acts as excess coverage if the Subscriber or their law firm has other cyber coverage. However, there are some exceptions to this where the Beazley Policy will act as primary coverage (e.g., respond to the loss first). This includes if the Subscriber’s or their law firm’s policy was purchased as excess coverage or if they have some element of cyber coverage in a commercial general liability or property policy.
ALIA recommends that Subscribers and their law firms review the entire Beazley Policy, including the “Other Insurance” section, with their insurance broker.
The Beazley Policy and the policy limits can be accessed in the Law Society of Alberta’s Lawyer Portal.
Cyber policy information is stored in the Law Society of Alberta’s Lawyer Portal to protect it from cybercriminals who search for this information.
If ALIA cancels or does not renew the Beazley Policy, notices of claims must be provided as soon as practicable and in no event later than 60 days after the end of the policy period or the end of an optional extension period. For breach response costs and data recovery costs, notices of data breaches and security breaches must be provided as soon as practicable (with a 60-day extension being provided in certain limited circumstances for data recovery costs).
If the Beazley Policy terminates, ALIA may purchase an optional extension period at the program level, and Subscribers and their law firms may purchase an optional extension period for themselves. If a Subscriber or their law firm wants to purchase an extended reporting period, they can contact Aon for information.
If a Subscriber changes their Law Society of Alberta membership status, coverage ceases and similar extensions may be available.
ALIA recommends that Subscribers and their law firms contact Aon for advice on coverage implications where firms may no longer carry on business or where Subscribers change their Law Society of Alberta membership status.
If the Beazley Policy is not renewed, ALIA is not obligated to Subscribers to purchase an extended reporting period.
Any summary of the Beazley Policy contained above is provided for general information purposes only and not as legal advice and is qualified in its entirety to the terms and conditions of the Beazley Policy. Subscribers should review the Beazley Policy, available in the Law Society of Alberta’s Lawyer Portal to confirm their obligations and coverage in any circumstance.
In approving the Universal Cyber Coverage Program in 2022, the Benchers and ALIA’s Board recognized the importance of Subscribers having cyber coverage to protect themselves, their firms and, by extension, their clients. Lawyers are attractive targets to cybercriminals due to the sensitive, confidential client information stored in the computer systems they use. Cybercriminals seek to extort or steal this information through ransomware and other malware. Cyberattacks can cripple computer systems and block access to files and information, interrupting professional services and exposing client information to criminals. Attempted attacks–some of which are successful–against Subscribers and their law firms are reported to ALIA regularly, but these types of claims are not covered by the ALIA Group Policy. Every province except Quebec has implemented some form of mandatory cyber coverage.
ALIA’s November 2021 Subscriber survey found that two-thirds of the Subscribers who responded would be interested in including cyber and/or social engineering coverage in ALIA’s indemnity program. Despite their support for it, ALIA’s research shows that many Subscribers tend not to purchase cyber coverage. Cyber insurance can be difficult to purchase, as many sole practitioners and smaller law firms find it challenging to meet some insurers’ network security requirements.
Without insurance, expert resources required to manage a cyber breach can be challenging to access in an emergency. The Universal Cyber Coverage Program ensures that all Subscribers have 24/7 access to cyber expertise to mitigate and help prevent security and data breaches and help restore professional services and reduce exposure to claims for client losses. It will also provide liability coverage for claims arising from cyber incidents.
No. The coverage is universal for all Subscribers. ALIA selected Beazley, which was prepared to provide coverage to all Subscribers at an affordable price. ALIA would not be able to offer universal cyber coverage without including all Subscribers in the program.
Cybercriminals continue to become more sophisticated in their tactics to obtain critical data from businesses. Firewalls and antivirus software are no longer enough to protect the networks of Subscribers and their law firms. Under the Universal Cyber Coverage Program, Subscribers and their law firms will have access to the critical breach response resources required to manage a cyberattack. Services such as IT experts and cyber extortion experts are often difficult to obtain without having access to cyber insurance vendors.
Cyberattacks are complex and rapidly evolving, and cyber claims require special expertise. As such, ALIA felt that a commercial insurer would provide Subscribers with the knowledge required to help them manage a cyber breach.
After many months of research, ALIA, assisted by Aon, selected Beazley to provide this coverage. Beazley is one of the top insurers in Canada for cyber risk, and it currently underwrites cyber programs and provides 24/7 claims service. In addition, Beazley agreed to enhance the program’s coverage from the previous insurer while accepting all Subscribers into the program without going through an onerous application process.
The cyber coverage program is universal to ensure that all ALIA Subscribers and their law firms have a basic level of coverage. ALIA indemnifies individual Subscribers who are required to pay the annual levy by the Rules of the Law Society of Alberta. As such, each Subscriber who is required to pay the Part A levy is also required to pay the cyber coverage levy.
Cyber coverage limits are based on the law firm, because cyberattacks typically impact the firm’s entire network. Furthermore, it would be challenging to determine which Subscriber or employee of the firm may have initiated the cyber breach and to tie the coverage back to one individual Subscriber or employee of a law firm, which is also why claims will not be surcharged. Finally, if a law firm experiences a cyberattack, they are at risk of being attacked again, which is why cyber policies contain specific limits applicable to the law firm. As such, every law firm, regardless of size, should be taking steps to implement appropriate cyber hygiene to reduce further incidents.
The ALIA website is the best source for information about all aspects of the indemnity program, including information on the Universal Cyber Coverage Program. However, for coverage questions, including extended reporting period information, please contact Aon at ALIAcyber@aon.ca.
Subscribers have access to educational and loss control information and services made available by Beazley from time to time and includes access to beazleybreachsolutions.com, a dedicated portal through which Subscribers can access news and information regarding breach response planning, data and network security threats, best practices in protecting data and networks, offers from third party service providers, and related information, tools and services.
Further resources are also available on ALIA’s website:
Tips on Cyber Hygiene Best Practices to Prevent Cyberattacks