New York has arrived as the leading state seeking to protect its attorneys and litigants by requiring training that will educate lawyers on, for instance, phishing scams, hacking, and cybersecurity insurance, as well as ways to minimize the likelihood of attorneys becoming the subject to such nefarious schemes. Learning to protect against such fraud could save an attorney hundreds of thousands of dollars in damages and minimize potential firm or client data loss. Thus, effective July 1, 2023, New York will become the first state in the United States to require attorneys to complete at least one credit of cybersecurity, privacy and data protection training as part of their continuing legal education requirements.
There are very few reported New York state cases where parties have sued seeking to recover damages for a cyber-attack. That may be because the economic loss to an individual person or entity is not very great, the expense to prosecute such a litigation with experts is too high, the facts do not work within the paradigms of traditional causes of action, relief was obtained through the banks involved or governmental authorities, or cyber-security insurance reimbursed the client or attorney for its losses. Nonetheless, highlighted below are a few decisions providing a roadmap of what can be pleaded in an attempt to recover damages for a cyber event.