Cyber Insurance Myths Law Firms Still Believe

Cyber insurance is still one of the most misunderstood types of coverage I see — especially among law firms.

Many firms assume they’re protected…
until something actually happens.

Unfortunately, that’s often when they discover the coverage they thought they had doesn’t respond the way they expected. Let’s clear up some of the most common cyber insurance myths law firms continue to believe.


Myth #1: “Our General Liability Policy Covers Cyber Incidents”

This is one of the most common — and most dangerous — assumptions.

In most cases, general liability insurance does not cover cyber incidents.
General liability is designed for things like bodily injury, property damage, or advertising injury — not data breaches, ransomware, or network intrusions.

If a client’s personal information is compromised, a general liability policy typically won’t respond. That’s where cyber insurance comes in — if you have it set up correctly.


Myth #2: “We Have an IT Company, So We Don’t Need Cyber Insurance”

IT support is critical — but it’s not a substitute for insurance.

Think of it this way:

  • IT helps prevent problems
  • Insurance responds when prevention fails

Even the best security systems can be bypassed. Phishing emails, compromised passwords, vendor breaches, and human error still happen every day. When they do, cyber insurance helps cover the financial fallout — not your IT provider.


Myth #3: “We’re Too Small to Be a Target”

This one couldn’t be further from the truth.

Today, size doesn’t matter when it comes to cyber attacks. In fact, smaller law firms are often easier targets:

  • Less money spent on cybersecurity
  • Fewer internal controls
  • Outdated systems
  • Easier access points for attackers

Hackers aren’t always looking for the biggest payout — they’re looking for the path of least resistance.


Myth #4: “Cyber Insurance Is Just for Ransomware”

Ransomware may get the headlines, but cyber insurance covers much more than that.

Depending on the policy, cyber coverage may help with:

  • Data breaches
  • Business interruption
  • Client notification requirements
  • Forensic investigations
  • Legal and regulatory costs
  • Credit monitoring services
  • Crisis management and reputation support

Cyber incidents can affect your firm long after systems are restored — and the costs add up quickly.


The Real Issue: Understanding What Cyber Insurance Does (and Doesn’t) Cover

The biggest issue isn’t whether a law firm has cyber insurance.

It’s whether they understand:

  • What their policy actually covers
  • What it excludes
  • How it would respond in a real-world incident

If you’re not sure how your policy would work during a data breach or cyber attack, that’s usually a sign it’s worth reviewing.

The #1 Insurance Mistake I See Every January (And Why It Matters)

Every January, I see the same insurance mistake. And it usually doesn’t show up until there’s a problem.

It’s not that people don’t have insurance. Most do. The issue is the assumption that because a policy renewed, the coverage must still be right for the business. Unfortunately, that assumption can be costly.

Renewed Doesn’t Always Mean Reviewed

Most insurance policies renew automatically. That convenience is helpful, but it can also be misleading. A renewal doesn’t necessarily mean anyone reviewed your coverage. In many cases, it simply means the paperwork rolled over from the previous year.

The challenge is that businesses don’t stay the same from year to year.

Over the course of twelve months, you may hire employees, take on new types of clients, rely more heavily on technology, or store more sensitive data. Each of those changes can affect your risk. But unless someone actually looks at the policy, your coverage remains exactly where it was.

Where Problems Often Appear

I’ve seen situations where someone believed they were fully covered — and technically, they were. Just not for the situation they were facing.

The issue usually isn’t negligence. It’s the assumption that “renewed” meant “reviewed.” When a claim happens, that’s not the time anyone wants to discover that something changed and the policy didn’t keep up. At that point, the decision has already been made.

Why January Is the Right Time to Look

The start of the year is actually a good time to pause and ask a simple question: does my insurance still match how my business operates today?

That doesn’t automatically mean you need more coverage. In many cases, it simply means you need the right coverage for how your business has evolved.

A short review at the beginning of the year can help identify gaps, outdated limits, or assumptions that no longer apply. More importantly, it can prevent an expensive surprise later.

A Small Step That Can Make a Big Difference

Insurance is designed to protect you when something unexpected happens. Making sure your coverage reflects how your business actually operates is one of the simplest ways to make sure it does what it’s supposed to do.

A little time spent reviewing things now can go a long way toward avoiding problems later — and that’s something I’d always rather help people prevent.

A New Year’s Resolution Every Lawyer Should Actually Keep: Review Your Insurance

As the year winds down, it’s easy to get caught up in the Christmas decorations, the festive atmosphere, and the excitement of the season. Before you know it, New Year’s Eve is right around the corner—and with it comes the familiar list of New Year’s resolutions.

You know the ones:

  • Get healthier
  • Lose weight
  • Be more productive
  • Finally stick to a routine

All of those are great goals, and I truly hope you stick to them. But this year, I want to suggest one resolution that isn’t flashy, isn’t fun, and definitely won’t make your highlight reel—but it could save your career.

Make 2026 the year you review your insurance coverage.

Yes, it’s boring.
Yes, it sounds dull.
And yes, it might even feel a little ridiculous to say, “My New Year’s resolution is to review my insurance.”

But it’s also one of the most important things you can do.

Why Reviewing Your Insurance Matters

Far too many professionals—especially attorneys—set up their insurance policies and then forget about them. Years go by, the practice changes, the risk profile evolves, and the coverage quietly stays the same.

That’s how people end up discovering gaps in coverage at the worst possible time: when a claim occurs.

Insurance is something you want to understand before you need it—not after.

Don’t Just Review One Policy—Review Them All

When you sit down to review your coverage in early 2026, look at all of your policies. That said, I do want to strongly emphasize one in particular:

Your lawyers’ professional liability policy.

Here are a few critical questions to ask yourself as you review it:

Are You Retiring Soon?

Is 2026 the year you’re planning to retire?

If so, you need to understand how your policy handles retirement and tail coverage:

  • Do you qualify for a free retirement tail?
  • What are the specific requirements to receive it?
  • Does your current policy even offer a free retirement tail?
  • Are there steps you need to take before retiring to remain eligible?

Assuming you’re covered without confirming these details can be a costly mistake.

Is Your Practice Expanding?

If retirement isn’t on the horizon, maybe growth is.

Ask yourself:

  • Are you planning to add new attorneys?
  • Are you expanding into new practice areas?
  • Has your caseload or exposure increased?

If so, your current limits may no longer be sufficient. You may need to:

  • Increase your policy limits
  • Reevaluate your deductible
  • Adjust coverage to match your expanded risk

Growth is exciting—but it also brings additional exposure that your insurance should reflect.

A Small Time Investment With Big Payoff

Reviewing your insurance doesn’t take long, but it can prevent serious problems down the road. It’s one of those tasks that’s easy to postpone—until suddenly, it’s too late.

So enjoy the holidays.
Have a safe and happy New Year’s Eve. 🎉

Then, sometime in that first week of January, do yourself a favor: take an hour and review your policies.

It’s not the most exciting resolution—but it just might be the smartest one you make for 2026.

Happy Holidays and Happy New Year.

Protect Your Business From Today’s Cyber Threats — Before It’s Too Late

In today’s digital world, cyber threats aren’t just targeting the big corporations you see on the news. They’re hitting small businesses every single day — law firms, chiropractors, retailers, accountants, nonprofits, and anyone who handles sensitive information.

And here’s the scary part:

It only takes one wrong click.
One outdated system.
One overlooked vulnerability.

And suddenly… it’s game over.

But not today.

That’s exactly why I wrote Game Over? Not Today! Power-Ups for Cyber Liability and Security — a practical, no-fluff guide built to give business owners the tools they need to stay protected in a world where cyber threats evolve faster than ever.

Below are four of the biggest “power-ups” from the book — the ones that can make or break your protection.


Power-Up #1: Your Employees

Your team can be your strongest defense… or your biggest vulnerability.

Most cyber incidents don’t start with sophisticated hackers breaking into a network. They start with everyday mistakes — clicking a suspicious link, opening a bad attachment, or ignoring a warning sign.

In the book, I walk you through simple, repeatable habits your employees can build to:

  • Spot phishing emails
  • Identify strange links
  • Recognize suspicious account activity
  • Report problems before they escalate

This is the kind of daily awareness that saves businesses from major losses.


Power-Up #2: Review Your Cyber Insurance Regularly

Most business owners purchase a cyber liability policy…
and then never look at it again.

But threats change.
Your business changes.
Your technology changes.

And if your coverage doesn’t keep up, you may not be protected the way you think you are.

A quick annual review can help you:

  • Close dangerous gaps
  • Update limits based on growth
  • Make sure exclusions aren’t leaving you exposed
  • Align your coverage with your current risk level

It’s one of the simplest and most impactful steps you can take.


Power-Up #3: Partner With the Right Cybersecurity Experts

You don’t have to go it alone.

The right cybersecurity partner gives you:

  • Better tools
  • Stronger defenses
  • Real-time monitoring
  • Faster responses
  • And in many cases… better insurance terms

Not all cybersecurity providers are equal, so inside the book, I break down exactly what to look for — and what to avoid — so you get real value instead of empty promises.


Power-Up #4: Have a Clear, Practical Plan in Place

Every business needs a clear set of cybersecurity fundamentals, including:

  • An incident response plan
  • A documented process for who does what in a cyber event
  • A genuine understanding of what your policy actually covers
  • A checklist to make sure nothing slips through the cracks

No jargon. No overwhelm. Just practical steps that keep your business confident and prepared.


Ready to Protect Your Business?

If you want the peace of mind that comes from knowing your business is prepared, protected, and ready for whatever comes your way, now’s the time to take action.

📘 Download Game Over? Not Today! Power-Ups for Cyber Liability and Security and get the tools you need to stay ahead of evolving threats.

Stay Safe Online This Cyber Monday

With the colder weather comes one of the busiest times of year: the holiday season.

Thanksgiving is up next, and right after that comes a day everyone seems to love (maybe a little too much): Cyber Monday. It’s the day when people jump online, click every button in sight, and buy all the things — whether they really need them or not. It’s fast, it’s fun, and sometimes it’s a little chaotic.

But while you’re online filling your cart, remember this: the bad actors are online too.

Hackers know Cyber Monday brings millions of shoppers to the web, and they work overtime trying to steal valuable information to make their holidays merrier at your expense. That means now is the perfect time to slow down, stay alert, and protect yourself.


How to Stay Safe While Shopping Online

Here are a few things to keep in mind before you click “Buy Now”:

1. Double-check the website you’re on.

Scammers love creating look-alike sites with nearly identical names. Always review the URL carefully before entering any personal or payment information.

2. Be skeptical of emails.

If you get an email about a deal that seems too good to be true, pause. Make sure you recognize the sender, and watch for red flags like misspelled words, weird phrasing, or urgent messages demanding immediate action.

3. Never share sensitive information over email.

No retailer needs your Social Security number, date of birth, or bank account information to confirm a purchase. If someone asks you for it, it’s a scam — full stop.

4. Avoid clicking links you weren’t expecting.

One careless click can lead to malware, viruses, or even ransomware. When in doubt, visit the retailer’s website directly instead of using email links.


Protect Your Holidays

Cyber Monday should be fun — not something that ruins your holiday season. A few extra seconds of caution now can save you from a whole lot of stress later.

Be careful, stay vigilant, and shop smart.

Application Management

Today I wanted to share an important reminder that too many attorneys learn the hard way: renewal application management matters. In fact, it can make the difference between keeping decades of prior acts coverage… or losing it overnight.

A Real Conversation With a Real Consequence

I recently spoke with an attorney who was considering switching their legal malpractice coverage over to us. They told me they’d had continuous coverage for more than 20 years — never a lapse, never a break.

But when I reviewed their current policy, something immediately stood out:

Their retroactive date was only a couple of years old.

If you’ve carried uninterrupted coverage for two decades, that should never happen. So I asked, “What’s going on with this retro date?”

The answer was painful.

A few years back, their firm submitted their renewal application late. The carrier still issued a quote — but with a new retroactive date. That single change wiped out nearly 20 years of prior acts coverage. One late renewal. One technicality. A massive loss of protection.

Don’t Let This Happen to Your Firm

We’re heading into the busy season — holidays, year-end work, family commitments, and a general whirlwind of “I’ll get to it later.” But your legal malpractice renewal application is not something to push back.

Treat it like you would a statute of limitations.
Put it in your calendaring system.
Enter reminders at 120 days, 90 days, 60 days, and even 30 days before renewal.

Whatever you do, don’t assume you can complete your application on December 30 for a January 1 renewal and expect the carrier to turn it around in time. Most carriers need 20–25 days to properly underwrite your file. You might get lucky once — but luck is not a strategy.

The Stakes Are Too High

Imagine carrying legal malpractice insurance your entire career — 20 or 30 years — only to lose all those prior acts because your renewal was late by a day or two.

It happens.
It’s brutal.
And it’s completely avoidable.

Final Thoughts

If you take nothing else from this story, take this:
Calendar your renewal like a critical deadline.
Protect your prior acts coverage.
Don’t give a carrier any reason to strip away decades of protection simply because paperwork arrived late.

Why You Should Be Protecting Company Devices This Fall

It’s officially fall. And with fall comes football season. And with football season… comes fantasy football.

While I was at the coffee shop today, I couldn’t help but notice how many people were glued to their phones and laptops — talking about who to start at quarterback, what team to bet on, and furiously updating their lineups.

As I watched, one thought crossed my mind:

How many of those devices are company-issued?

The Overlooked Risk of Company Devices

If you’re an employer — whether you have five employees or five hundred — and you provide laptops or mobile phones for work use, it’s worth asking:

Do you really want your company devices being used for things like fantasy football, online betting, or personal gaming?

Beyond productivity concerns, there’s a serious cybersecurity angle here. Those fantasy sports platforms, betting apps, and community forums aren’t always the most secure. Employees visiting those sites on a work device could be exposing your company’s data to malware, phishing attempts, or data leaks — all while trying to swap out the Green Bay Packers’ defense for the Pittsburgh Steelers’.

Why You Need a Clear Device-Use Policy

If your company doesn’t already have a policy in place outlining what employees can and can’t do on company-issued technology, now’s the time to create one.

A clear, written policy helps:

  • Protect your network from unnecessary exposure.
  • Reduce legal and compliance risks tied to inappropriate or unsafe use.
  • Set expectations so employees know what’s acceptable during work hours (and on work devices).

It doesn’t have to be complicated — just clear, consistent, and enforced.

A Simple Step Toward Stronger Security

As an insurance guy, I’ve seen firsthand how one small oversight — like an unsecured login on a fantasy sports site — can lead to costly consequences for a business.

So while I finish my cup of coffee and enjoy the crisp fall air, here’s my advice:

Take a look at your company’s device-use policy (or create one if it doesn’t exist yet). It’s a small step that can save you from a big headache later.

Until next time — stay smart, stay secure, and enjoy the season.

Cybersecurity Myths Lawyers Still Believe

Even in 2025, many law firms are still making the same dangerous mistake — assuming they’re too small, too secure, or too “tech-savvy” to be hacked.

Spoiler alert: those are myths.

Let’s bust some of the biggest misconceptions about cybersecurity that could be putting your law firm — and your clients — at serious risk.


Myth #1: “Hackers Only Target Big Firms”

Many attorneys believe cybercriminals only go after giant firms with massive case files and deep pockets.

The truth? Small and mid-sized firms are often easier targets because hackers assume your defenses are weaker.

Think about it — stealing just a few real-estate transaction details or trust-account logins can be a huge payday for a cybercriminal.

📊 Did you know?
43% of all cyberattacks now target small businesses.

If your firm handles sensitive data (and whose doesn’t?), you’re already on the radar.


Myth #2: “Our IT Guy Handles Everything”

Having a good IT professional is important — but cybersecurity isn’t just a tech problem.

It’s a people problem.

Hackers rely on human error — that one employee who clicks a phishing link or opens an infected attachment. Even the most experienced IT team can’t stop someone from making a simple mistake.

That’s why training matters more than technology.

Every member of your staff should know how to spot fake emails, suspicious requests, and signs of a breach before it’s too late.


Myth #3: “The Cloud Keeps Us Safe Automatically”

Cloud storage is convenient — and often more secure than local servers — but it’s not foolproof.

The cloud is only as safe as your settings, passwords, and access controls.

Imagine leaving your office file cabinet unlocked because your building has security cameras. That’s what happens when you rely on the cloud but ignore user permissions or password strength.

  • A secure cloud: strong passwords, limited access, MFA enabled
  • An unsecured cloud: shared logins, weak passwords, open access

The difference between the two? One data breach away from disaster.


Myth #4: “It Won’t Happen to Us”

This is the most dangerous myth of all.

Cyberattacks aren’t a question of if — they’re a question of when.

Law firms are prime targets because they handle confidential client data, financial records, and case files that can be exploited or sold.

Every firm, regardless of size or specialty, needs to assume they’re a target and prepare accordingly.

Don’t wait to react — prepare now.


How to Stay Ahead of Cyber Threats

Now that we’ve busted some myths, here’s how to keep your firm protected:

  • Train your team regularly.
    Make cybersecurity awareness part of your firm’s culture.
  • Use strong passwords and multi-factor authentication.
    A few seconds of inconvenience can prevent months of chaos.
  • Have a response plan.
    Know who to call, what to do, and how to communicate if something goes wrong.

Cybersecurity doesn’t have to be complicated or scary. By staying informed and ditching outdated myths, you can keep your clients, your data, and your reputation secure.

For real-world stories and practical protection strategies, check out Game Over? Not Today! by Don Ivol — a great read for any professional serious about defending their business against modern threats.

Stay smart. Stay safe. And keep busting those myths.

Deepfakes & AI Voice Scams: The Next Wave of Social Engineering

Imagine this…

You get a voicemail from your managing partner instructing you to wire funds immediately to close a deal.
The voice is unmistakably theirs — the same tone, cadence, even the familiar urgency.
You make the transfer… only to discover later that your partner never made the call.

Scary, right?
It’s not science fiction anymore. It’s happening right now — and law firms are among the prime targets.


How AI Is Supercharging Scams

Artificial intelligence is transforming how we work, communicate, and market — but it’s also arming cybercriminals with disturbingly powerful tools.

With just a few seconds of recorded speech — perhaps from a webinar, a YouTube clip, or even a voicemail — scammers can now use deepfake and AI voice cloning technology to recreate someone’s voice almost perfectly.

They use these fake voices to:

  • Call your office pretending to be a partner or client
  • Leave urgent voicemails requesting fund transfers
  • Send recorded messages convincing enough to trick even cautious employees

It’s the next generation of social engineering — and it’s frighteningly effective.


Why Law Firms Are Prime Targets

Law firms make ideal victims for AI-driven scams for several reasons:

  • Large Transactions: From settlements to real estate closings, firms often handle significant sums of money.
  • Public Communication: Many attorneys appear in hearings, interviews, webinars, or firm videos — providing plenty of voice samples to clone.
  • High Trust Environments: Attorneys, clients, and staff rely on established relationships and quick communication. When a familiar voice calls, few people question it.

That combination of accessibility, authority, and trust makes the legal sector especially vulnerable to deepfake and voice-cloning scams.


A Real-World Near Miss

Just a few months ago, a law firm nearly wired hundreds of thousands of dollars after receiving a voicemail that appeared to be from its managing partner. The message was urgent, specific, and completely believable.

Thankfully, a sharp-eyed paralegal hesitated and verified the request through another channel — preventing a catastrophic loss. But many firms aren’t so lucky. The scams are evolving faster than most people realize.


How to Protect Your Firm

The best defense against deepfake and AI voice scams isn’t fear — it’s preparedness.
Here’s how to safeguard your team and clients:

1. Verify Unusual Requests

Never rely on a single voicemail, text, or email — even if it sounds or looks legitimate.
Always confirm any urgent or high-value request in person or by calling a known, verified number.

2. Establish a Firm Policy

Create and enforce a rule such as:

“No wires or major actions without verbal confirmation from two trusted people.”

That simple step can stop most scams before they start.

3. Educate Your Team

Train everyone — attorneys, paralegals, and administrative staff — to recognize that voices and even videos can be faked.
Awareness is the most powerful security tool you have.

4. Limit Public Voice Samples

Be thoughtful about how much of your voice appears online.
When possible, restrict recordings or use watermarking technology to protect sensitive communications.


Deepfakes and AI voice scams represent the next wave of social engineering — but they’re not unbeatable.
By slowing down, verifying information, and building a culture of cybersecurity awareness, your firm can stay one step ahead.

Bonus Resource

For more real-world examples of digital deception and practical tips to protect your business, check out Game Over? Not Today! by Don Ivol — a must-read for any attorney serious about cybersecurity.


Stay Vigilant, Stay Informed

Deepfakes may mimic a voice, but they can’t replace human judgment.
Trust your instincts, double-check requests, and keep your firm — and your clients — safe from the next wave of AI-powered fraud.