One of the most common questions I get from attorneys is this:
“What’s the difference between a claim and a potential claim—and when do I actually need to report it?”
It’s a great question, and the answer can have a major impact on whether your malpractice coverage protects you when you need it most.
What Is a “Claim”?
A claim is typically straightforward. It involves a clear allegation of wrongdoing or a demand for money. This could be a lawsuit, a formal demand letter, or any situation where a client (or former client) is asserting that an error caused them harm.
A potential claim is less obvious—but just as important.
This is when you become aware of a situation that could lead to a claim, even if no one has formally complained yet. Common examples include:
Missing a filing deadline
Discovering a mistake in a document or case strategy
Receiving communication from a client that suggests dissatisfaction (including online reviews)
Realizing something may not have been handled correctly
In these situations, nothing has escalated yet—but there’s a reasonable chance it could.
Why Timing Matters When It Comes To Legal Malpractice Claims
Most legal malpractice policies are claims-made policies, which means coverage is triggered based on when a claim is reported—not just when the incident occurred.
That’s why the distinction between a claim and a potential claim is so important.
Reporting early isn’t just a requirement of the policy—it can also work in your favor.
Getting your carrier involved sooner can help reduce defense costs, improve the chances of resolving the issue efficiently, and give you more options if the situation develops into a formal claim.
In fact, many malpractice claims don’t begin with a lawsuit—they start as smaller issues that weren’t addressed early.
The Risk of Waiting To Report A Claim
It’s not uncommon for attorneys to hesitate before reporting a potential issue. There’s often concern about how it might impact premiums or whether it’s “too early” to involve the carrier.
But waiting can create serious problems.
If you’re aware of a potential issue and choose not to report it—and that issue later turns into a claim—there’s a risk your carrier may deny coverage altogether.
A Simple Rule to Follow
If there’s any doubt, it’s usually better to have the conversation early.
You don’t need to have all the answers, and reporting something doesn’t mean it will automatically turn into a claim. It simply puts you in a better position if it does.
If you’re unsure about your current policy or what should be reported, it’s worth taking a few minutes to review your coverage and get clarity before an issue arises.
If you have questions about your current coverage or want a second opinion, feel free to reach out at 412.563.2106.
When I review insurance policies for law firms, there’s one issue I see come up again and again…cyber liability.
And more often than not, the conversation starts the same way:
“We already have cyber coverage.”
That may be true. But the real question is… what does that coverage actually include?
Because in many cases, when we take a closer look, there are some significant gaps.
The Problem Isn’t Whether You Have Coverage—It’s What It Covers
I recently reviewed a policy for a small law firm. Smart attorneys, well-run practice, and they were confident they had everything in place from an insurance standpoint.
On the surface, it looked like they had cyber coverage.
But once we dug into the details, the picture changed.
There was no coverage for social engineering fraud. Wire transfer fraud protection was missing. Business interruption coverage was minimal. And the deductible was set so high that it would take a major incident before the policy even became useful.
This isn’t unusual. Many cyber policies are written in a way that appears comprehensive, but when you read the fine print, certain types of claims are carved out, capped, or excluded altogether.
Why Law Firms Are a Target
Law firms are in a unique position when it comes to cyber risk.
That combination makes law firms an attractive target for cybercriminals.
And unlike large financial institutions, most firms don’t have the same level of cybersecurity infrastructure or internal controls in place. That doesn’t mean firms are careless—it just means they’re often easier to exploit.
All it takes is one convincing email. One request that looks legitimate. One click.
From there, a situation can escalate quickly—sometimes into a six- or even seven-figure loss.
Where Cyber Policies Often Fall Short
This is where things get tricky.
A policy might say “cyber coverage,” but that doesn’t always mean you’re protected in the ways you expect.
Some of the most common gaps I see include:
Social engineering fraud – when someone impersonates a trusted party to trick you into sending money
Funds transfer fraud – unauthorized movement of money through your systems
Ransomware payments – coverage limits or conditions that don’t fully address real-world scenarios
Business interruption – limited protection for lost income if your systems are down
In many cases, these areas are either excluded entirely or subject to strict sublimits that may not go very far in an actual event.
A Better Question to Ask
If you’re a law firm owner, I’d encourage you to shift the way you think about cyber insurance.
Instead of asking:
“Do we have cyber coverage?”
Ask:
“What exactly is covered, where are the gaps, and can we afford that risk?”
That’s where the real value is.
Because with cyber liability, what you don’t know can end up being the most expensive part.
Final Thought From Don I, Your Insurance Guy
Cyber risk isn’t going away. If anything, it’s becoming more sophisticated and more targeted.
The goal isn’t to overcomplicate things or create unnecessary concern—it’s simply to make sure you understand what you have in place before you need it.
If you’re unsure, it’s worth taking a closer look.
Sometimes a quick review can uncover small adjustments that make a big difference.
About the Author
Don I helps law firms and small businesses understand their insurance coverage so there are no surprises when it matters most. If you’d like a second set of eyes on your policy, he’s always happy to provide straightforward, no-pressure feedback.
One of the most important risk decisions a law firm makes doesn’t happen in the middle of a case.
It happens at the very beginning — when deciding whether to take on a client.
Over the years, I’ve seen situations where problems didn’t come from how the work was done, but from taking on work that wasn’t the right fit to begin with.
Every Firm Has a Sweet Spot
Every law firm has a “sweet spot” — the types of cases it handles well, the types of clients it works best with, and the structure it has in place to support that work.
When a case falls outside of that sweet spot, risk tends to increase, which can lead to malpractice claims.
Sometimes it’s a matter of complexity.
A sole practitioner may take on a matter that realistically requires a larger team — multiple paralegals, more time, and additional support.
The opportunity may look attractive from a revenue standpoint. But if the firm doesn’t have the capacity to fully support the work, the situation can become difficult to manage.
When Revenue and Risk Don’t Align
I’ve seen cases where a matter generates significant revenue, but also creates exposure that far exceeds it.
What looks like a strong opportunity on the surface can carry risks that aren’t immediately obvious.
That’s why it’s important to evaluate not just the potential upside of a case, but whether the firm has the capability and resources to handle it properly.
The Client Fit Matters Too
In other situations, the issue isn’t the case — it’s the client.
Some clients require more communication, more oversight, or a different working style than others. Every firm operates a little differently, and not every client will be a good fit.
If your firm has a certain pace, structure, or approach to communication, it’s important that the client aligns with that.
Sometimes your instincts will tell you that something isn’t quite right. That doesn’t necessarily mean the client is difficult — it may simply mean they’re not the right fit for your firm.
Listen To Your Gut.
It’s Okay to Say No
Referring a case out or declining to take on a client is often a good decision — for both the firm and the client.
Making sure a client is in the right place, with the right resources and expertise, ultimately leads to better outcomes.
Start with the Right Decision For Your Firm
At the end of the day, the goal is to ensure that the work you take on matches your firm’s capabilities — the right experience, the right resources, and the right structure.
When those things are aligned, you’re in a much better position to serve your clients effectively while managing risk.
And sometimes, the best decision you can make is the one you make before the work ever begins.
Cyber insurance has become an important part of risk management for law firms. Data breaches, ransomware attacks, and phishing attempts are now common risks in the legal industry, particularly because firms handle sensitive client information.
But one thing I’ve noticed over the years is that many small to mid-sized law firms have cyber insurance coverage that isn’t fully aligned with the risks they actually face.
The issue is usually the details of that insurance policy.
There are several coverage gaps that tend to show up repeatedly when reviewing policies for law firms.
Common Cyber Insurance Gaps Law Firms Should Watch For
While every policy is different, there are a few areas where coverage often falls short. Understanding these gaps can help firms avoid unpleasant surprises if a cyber incident occurs.
Below are some of the most common issues I see.
Inadequate Coverage Limits
One of the most common cyber insurance gaps is insufficient coverage limits.
Cyber incidents can become expensive very quickly. Even a relatively contained incident can involve multiple layers of cost.
Potential Costs of a Cyber Incident
A cyber event may involve:
Forensic investigations to determine what happened and how the breach occurred
Legal costs associated with responding to the incident
Client notification requirements depending on the type of data involved
Credit monitoring services for affected clients
Business interruption losses if systems are unavailable
For example:
A forensic investigation alone can cost $15,000 to $50,000 or more, depending on the complexity of the breach.
Credit monitoring services can run up to $30 per person per month for 12–24 months.
When you add those costs together, the financial impact can expand quickly.
If a firm’s coverage limit is too low, the policy may still provide assistance—but it may not go nearly as far as the firm expected.
Missing or Limited Social Engineering Coverage
Another gap I often see involves social engineering coverage.
Social engineering fraud occurs when someone is tricked into sending money or sensitive information because they believe the request is legitimate.
Examples of Social Engineering in Law Firms
These situations might involve:
An email that appears to come from a client
A request that looks like it came from a colleague
Instructions from what appears to be a trusted partner in a transaction
Because legal transactions often involve sensitive documents and financial transfers, law firms can be particularly vulnerable to these types of scams.
However, not every cyber insurance policy automatically includes strong protection for social engineering losses.
In many cases, it requires a specific endorsement or additional coverage to be added to the policy.
Lack of Meaningful Business Interruption Coverage
Business interruption is another area that is sometimes overlooked.
If a cyber incident shuts down a firm’s systems, the consequences can extend far beyond the technical problem itself.
How System Downtime Can Affect a Law Firm
When systems are unavailable, firms may experience:
Delayed cases and legal filings
Staff unable to access important files
Disruptions to normal operations
Potentially missed statutes of limitation
Even a temporary disruption can have significant operational and financial consequences.
Business interruption coverage is designed to help address these situations. However, not every policy includes this coverage in a meaningful way, and some policies may include limitations that firms don’t realize until after an incident occurs.
High Deductibles That Surprise Firms Later
Another detail that often gets overlooked is the policy deductible.
Many firms understandably focus on the coverage limit, but the deductible plays an equally important role in determining how the policy functions.
Why Deductibles Matter
Some cyber policies carry deductibles that are much higher than firms realize.
This means that before the insurance coverage begins responding, the firm may need to absorb a significant portion of the costs themselves.
If that deductible is higher than expected, the financial impact of an incident may be greater than anticipated.
Reviewing this number carefully is an important step in understanding how the policy will actually work in a real-world situation.
Misunderstanding the Retroactive Date
One final detail that deserves attention is the retroactive date.
The retroactive date helps determine how far back the policy coverage applies if a breach or cyber incident began before it was discovered.
Why Retroactive Dates Matter
Many cyber incidents are not discovered immediately. In some cases, malicious activity may have started months before anyone realized there was a problem.
The retroactive date helps determine whether that earlier activity is covered.
If the retroactive date isn’t fully understood, firms may assume coverage exists when it may not apply in certain situations.
Why These Gaps Happen
It’s important to note that these gaps usually don’t happen because law firms are careless.
In most cases, the issue is simply that:
Cyber insurance has evolved rapidly in recent years
Policy language can be complex
Coverage options can vary significantly between insurers
As a result, many firms end up with policies that made sense when they were purchased—but may not fully reflect how the firm operates today.
Reviewing Your Cyber Insurance Coverage
Because cyber risks continue to evolve, it’s helpful for law firms to periodically review their cyber insurance policies.
A simple policy review can help answer important questions such as:
Are the coverage limits still appropriate?
Does the policy include social engineering protection?
Is there meaningful business interruption coverage?
Are the deductibles reasonable?
Do we fully understand the retroactive date?
Often, a short conversation can clarify many of these details and help firms feel more confident about the protection they have in place.
Final Thoughts
Cyber insurance has become a critical component of risk management for modern law firms.
However, having coverage isn’t always the same as having the right coverage.
Taking the time to review the details of a policy can help ensure that the protection in place truly aligns with the risks law firms face today.
Want Help Reviewing Your Policy?
If you’re not sure how your cyber insurance policy would respond in a real-world incident, it may be worth taking a closer look.
Give INF a call at 412-563-2106 and we can review the key areas discussed in this article to make sure your firm has coverage that’s right for you.