Category Archives: Uncategorized

Cyber Insurance Gaps I See Most Often in Law Firms

Posted on by

Cyber insurance has become an important part of risk management for law firms. Data breaches, ransomware attacks, and phishing attempts are now common risks in the legal industry, particularly because firms handle sensitive client information.But one thing I’ve noticed over the years is that many small to mid-sized law firms have cyber insurance coverage that isn’t fully aligned with the risks they actually face.

The issue is usually the details of that insurance policy.

There are several coverage gaps that tend to show up repeatedly when reviewing policies for law firms.

Common Cyber Insurance Gaps Law Firms Should Watch For

While every policy is different, there are a few areas where coverage often falls short. Understanding these gaps can help firms avoid unpleasant surprises if a cyber incident occurs.

Below are some of the most common issues I see.

Inadequate Coverage Limits

One of the most common cyber insurance gaps is insufficient coverage limits.

Cyber incidents can become expensive very quickly. Even a relatively contained incident can involve multiple layers of cost.

Potential Costs of a Cyber Incident

A cyber event may involve:

  • Forensic investigations to determine what happened and how the breach occurred
  • Legal costs associated with responding to the incident
  • Client notification requirements depending on the type of data involved
  • Credit monitoring services for affected clients
  • Business interruption losses if systems are unavailable

For example:

  • A forensic investigation alone can cost $15,000 to $50,000 or more, depending on the complexity of the breach.
  • Credit monitoring services can run up to $30 per person per month for 12–24 months.

When you add those costs together, the financial impact can expand quickly.If a firm’s coverage limit is too low, the policy may still provide assistance—but it may not go nearly as far as the firm expected.

Missing or Limited Social Engineering Coverage

Another gap I often see involves social engineering coverage.Social engineering fraud occurs when someone is tricked into sending money or sensitive information because they believe the request is legitimate.

Examples of Social Engineering in Law Firms

These situations might involve:

  • An email that appears to come from a client
  • A request that looks like it came from a colleague
  • Instructions from what appears to be a trusted partner in a transaction

Because legal transactions often involve sensitive documents and financial transfers, law firms can be particularly vulnerable to these types of scams.

However, not every cyber insurance policy automatically includes strong protection for social engineering losses.In many cases, it requires a specific endorsement or additional coverage to be added to the policy.

Lack of Meaningful Business Interruption Coverage

Business interruption is another area that is sometimes overlooked.

If a cyber incident shuts down a firm’s systems, the consequences can extend far beyond the technical problem itself.

How System Downtime Can Affect a Law Firm

When systems are unavailable, firms may experience:

  • Delayed cases and legal filings
  • Staff unable to access important files
  • Disruptions to normal operations
  • Potentially missed statutes of limitation

Even a temporary disruption can have significant operational and financial consequences.Business interruption coverage is designed to help address these situations. However, not every policy includes this coverage in a meaningful way, and some policies may include limitations that firms don’t realize until after an incident occurs.

High Deductibles That Surprise Firms Later

Another detail that often gets overlooked is the policy deductible.Many firms understandably focus on the coverage limit, but the deductible plays an equally important role in determining how the policy functions.

Why Deductibles Matter

Some cyber policies carry deductibles that are much higher than firms realize.

This means that before the insurance coverage begins responding, the firm may need to absorb a significant portion of the costs themselves.

If that deductible is higher than expected, the financial impact of an incident may be greater than anticipated.

Reviewing this number carefully is an important step in understanding how the policy will actually work in a real-world situation.

Misunderstanding the Retroactive Date

One final detail that deserves attention is the retroactive date.The retroactive date helps determine how far back the policy coverage applies if a breach or cyber incident began before it was discovered.

Why Retroactive Dates Matter

Many cyber incidents are not discovered immediately. In some cases, malicious activity may have started months before anyone realized there was a problem.

The retroactive date helps determine whether that earlier activity is covered.If the retroactive date isn’t fully understood, firms may assume coverage exists when it may not apply in certain situations.

Why These Gaps Happen

It’s important to note that these gaps usually don’t happen because law firms are careless.

In most cases, the issue is simply that:

  • Cyber insurance has evolved rapidly in recent years
  • Policy language can be complex
  • Coverage options can vary significantly between insurers

As a result, many firms end up with policies that made sense when they were purchased—but may not fully reflect how the firm operates today.

Reviewing Your Cyber Insurance Coverage

Because cyber risks continue to evolve, it’s helpful for law firms to periodically review their cyber insurance policies.

A simple policy review can help answer important questions such as:

  • Are the coverage limits still appropriate?
  • Does the policy include social engineering protection?
  • Is there meaningful business interruption coverage?
  • Are the deductibles reasonable?
  • Do we fully understand the retroactive date?

Often, a short conversation can clarify many of these details and help firms feel more confident about the protection they have in place.

Final Thoughts

Cyber insurance has become a critical component of risk management for modern law firms.

However, having coverage isn’t always the same as having the right coverage.

Taking the time to review the details of a policy can help ensure that the protection in place truly aligns with the risks law firms face today.

Want Help Reviewing Your Policy?

If you’re not sure how your cyber insurance policy would respond in a real-world incident, it may be worth taking a closer look.Give INF a call at 412-563-2106 and we can review the key areas discussed in this article to make sure your firm has coverage that’s right for you.

I’m Don I. Your Insurance Guy.

Extended Reporting Periods: What Every Attorney Needs to Know Before Tailing Out

Posted on by

If you’re planning to retire, step away from private practice, or transition out of law for any reason, there’s one topic you cannot afford to misunderstand: extended reporting periods, often referred to as “tail coverage.”

Recently, I read an article published on the Professional Liability Underwriting Society blog, authored by Lucas Roberts, that does an excellent job of reinforcing an important—and often overlooked—point about tail coverage. It’s a point worth emphasizing because getting it wrong can leave you exposed at exactly the wrong time.

What an Extended Reporting Period Really Does

Many attorneys assume that purchasing tail coverage (or qualifying for a free tail) automatically protects them from any issues that arise after their policy ends. That assumption can be dangerous.

An extended reporting period does not extend the time to report claims you already know about.

Instead, it allows you to report claims that are first made against you and first become known to you during the extended reporting period—after your policy has ended.

That distinction matters.

Known Claims Must Be Reported Before You Tail Out

Before canceling your policy or requesting tail coverage, you must take the time to review your files carefully. Any claim—or even a potential claim—that you are aware of must be reported to your carrier before the policy ends.

This is true whether you are:

  • Purchasing tail coverage, or
  • Qualifying for a free tail under your policy

Failing to report known issues before tailing out can result in a claim being denied later due to late reporting—even if you have an extended reporting period in place.

Why This Step Is So Important

Here’s the situation you want to avoid:

You retire or leave practice.
You tail out your policy.
A claim surfaces during the extended reporting period.
You report it—only to learn that the carrier declines coverage because the issue was known before the policy ended and was never reported.

At that point, you may find yourself personally responsible for a claim you assumed was covered.

The Right Way to Protect Yourself

Before you tail out:

  1. Review your open and closed files carefully
  2. Identify any actual or potential claims
  3. Report those issues to your carrier before canceling the policy
  4. Then proceed with tail coverage—free or purchased

Taking these steps helps ensure that the coverage you believe you have is actually there when you need it.

Final Thoughts

Extended reporting periods are a valuable protection—but only when they’re understood and used correctly. Don’t let a technical misunderstanding undo years of careful risk management.

If you’re approaching retirement or considering a transition out of practice, now is the time to review your coverage and make sure everything is handled properly.

Cyber Insurance Myths Law Firms Still Believe

Posted on by

Cyber insurance is still one of the most misunderstood types of coverage I see — especially among law firms.

Many firms assume they’re protected…
until something actually happens.

Unfortunately, that’s often when they discover the coverage they thought they had doesn’t respond the way they expected. Let’s clear up some of the most common cyber insurance myths law firms continue to believe.

Myth #1: “Our General Liability Policy Covers Cyber Incidents”

This is one of the most common — and most dangerous — assumptions.

In most cases, general liability insurance does not cover cyber incidents.
 General liability is designed for things like bodily injury, property damage, or advertising injury — not data breaches, ransomware, or network intrusions.

If a client’s personal information is compromised, a general liability policy typically won’t respond. That’s where cyber insurance comes in — if you have it set up correctly.

Myth #2: “We Have an IT Company, So We Don’t Need Cyber Insurance”

IT support is critical — but it’s not a substitute for insurance.

Think of it this way:

  • IT helps prevent problems
  • Insurance responds when prevention fails

Even the best security systems can be bypassed. Phishing emails, compromised passwords, vendor breaches, and human error still happen every day. When they do, cyber insurance helps cover the financial fallout — not your IT provider.

Myth #3: “We’re Too Small to Be a Target”

This one couldn’t be further from the truth.

Today, size doesn’t matter when it comes to cyber attacks. In fact, smaller law firms are often easier targets:

  • Less money spent on cybersecurity
  • Fewer internal controls
  • Outdated systems
  • Easier access points for attackers

Hackers aren’t always looking for the biggest payout — they’re looking for the path of least resistance.

Myth #4: “Cyber Insurance Is Just for Ransomware”

Ransomware may get the headlines, but cyber insurance covers much more than that.

Depending on the policy, cyber coverage may help with:

  • Data breaches
  • Business interruption
  • Client notification requirements
  • Forensic investigations
  • Legal and regulatory costs
  • Credit monitoring services
  • Crisis management and reputation support

Cyber incidents can affect your firm long after systems are restored — and the costs add up quickly.

The Real Issue: Understanding What Cyber Insurance Does (and Doesn’t) Cover

The biggest issue isn’t whether a law firm has cyber insurance.

It’s whether they understand:

  • What their policy actually covers
  • What it excludes
  • How it would respond in a real-world incident

If you’re not sure how your policy would work during a data breach or cyber attack, that’s usually a sign it’s worth reviewing.

The #1 Insurance Mistake I See Every January (And Why It Matters)

Posted on by

Every January, I see the same insurance mistake. And it usually doesn’t show up until there’s a problem.

It’s not that people don’t have insurance. Most do. The issue is the assumption that because a policy renewed, the coverage must still be right for the business. Unfortunately, that assumption can be costly.

Renewed Doesn’t Always Mean Reviewed

Most insurance policies renew automatically. That convenience is helpful, but it can also be misleading. A renewal doesn’t necessarily mean anyone reviewed your coverage. In many cases, it simply means the paperwork rolled over from the previous year.

The challenge is that businesses don’t stay the same from year to year.

Over the course of twelve months, you may hire employees, take on new types of clients, rely more heavily on technology, or store more sensitive data. Each of those changes can affect your risk. But unless someone actually looks at the policy, your coverage remains exactly where it was.

Where Problems Often Appear

I’ve seen situations where someone believed they were fully covered — and technically, they were. Just not for the situation they were facing.

The issue usually isn’t negligence. It’s the assumption that “renewed” meant “reviewed.” When a claim happens, that’s not the time anyone wants to discover that something changed and the policy didn’t keep up. At that point, the decision has already been made.

Why January Is the Right Time to Look

The start of the year is actually a good time to pause and ask a simple question: does my insurance still match how my business operates today?

That doesn’t automatically mean you need more coverage. In many cases, it simply means you need the right coverage for how your business has evolved.

A short review at the beginning of the year can help identify gaps, outdated limits, or assumptions that no longer apply. More importantly, it can prevent an expensive surprise later.

A Small Step That Can Make a Big Difference

Insurance is designed to protect you when something unexpected happens. Making sure your coverage reflects how your business actually operates is one of the simplest ways to make sure it does what it’s supposed to do.

A little time spent reviewing things now can go a long way toward avoiding problems later — and that’s something I’d always rather help people prevent.

Protect Your Business From Today’s Cyber Threats — Before It’s Too Late

Posted on by

In today’s digital world, cyber threats aren’t just targeting the big corporations you see on the news. They’re hitting small businesses every single day — law firms, chiropractors, retailers, accountants, nonprofits, and anyone who handles sensitive information.

And here’s the scary part:

It only takes one wrong click.
One outdated system.
One overlooked vulnerability.

And suddenly… it’s game over.

But not today.

That’s exactly why I wrote Game Over? Not Today! Power-Ups for Cyber Liability and Security — a practical, no-fluff guide built to give business owners the tools they need to stay protected in a world where cyber threats evolve faster than ever.

Below are four of the biggest “power-ups” from the book — the ones that can make or break your protection.

Power-Up #1: Your Employees

Your team can be your strongest defense… or your biggest vulnerability.

Most cyber incidents don’t start with sophisticated hackers breaking into a network. They start with everyday mistakes — clicking a suspicious link, opening a bad attachment, or ignoring a warning sign.

In the book, I walk you through simple, repeatable habits your employees can build to:

  • Spot phishing emails
  • Identify strange links
  • Recognize suspicious account activity
  • Report problems before they escalate

This is the kind of daily awareness that saves businesses from major losses.

Power-Up #2: Review Your Cyber Insurance Regularly

Most business owners purchase a cyber liability policy…
and then never look at it again.

But threats change.
Your business changes.
Your technology changes.

And if your coverage doesn’t keep up, you may not be protected the way you think you are.

A quick annual review can help you:

  • Close dangerous gaps
  • Update limits based on growth
  • Make sure exclusions aren’t leaving you exposed
  • Align your coverage with your current risk level

It’s one of the simplest and most impactful steps you can take.

Power-Up #3: Partner With the Right Cybersecurity Experts

You don’t have to go it alone.

The right cybersecurity partner gives you:

  • Better tools
  • Stronger defenses
  • Real-time monitoring
  • Faster responses
  • And in many cases… better insurance terms

Not all cybersecurity providers are equal, so inside the book, I break down exactly what to look for — and what to avoid — so you get real value instead of empty promises.

Power-Up #4: Have a Clear, Practical Plan in Place

Every business needs a clear set of cybersecurity fundamentals, including:

  • An incident response plan
  • A documented process for who does what in a cyber event
  • A genuine understanding of what your policy actually covers
  • A checklist to make sure nothing slips through the cracks

No jargon. No overwhelm. Just practical steps that keep your business confident and prepared.

Ready to Protect Your Business?

If you want the peace of mind that comes from knowing your business is prepared, protected, and ready for whatever comes your way, now’s the time to take action.

📘 Download Game Over? Not Today! Power-Ups for Cyber Liability and Security and get the tools you need to stay ahead of evolving threats.

Application Management

Posted on by

Today I wanted to share an important reminder that too many attorneys learn the hard way: renewal application management matters. In fact, it can make the difference between keeping decades of prior acts coverage… or losing it overnight.

A Real Conversation With a Real Consequence

I recently spoke with an attorney who was considering switching their legal malpractice coverage over to us. They told me they’d had continuous coverage for more than 20 years — never a lapse, never a break.

But when I reviewed their current policy, something immediately stood out:

Their retroactive date was only a couple of years old.

If you’ve carried uninterrupted coverage for two decades, that should never happen. So I asked, “What’s going on with this retro date?”

The answer was painful.

A few years back, their firm submitted their renewal application late. The carrier still issued a quote — but with a new retroactive date. That single change wiped out nearly 20 years of prior acts coverage. One late renewal. One technicality. A massive loss of protection.

Don’t Let This Happen to Your Firm

We’re heading into the busy season — holidays, year-end work, family commitments, and a general whirlwind of “I’ll get to it later.” But your legal malpractice renewal application is not something to push back.

Treat it like you would a statute of limitations.
Put it in your calendaring system.
Enter reminders at 120 days, 90 days, 60 days, and even 30 days before renewal.

Whatever you do, don’t assume you can complete your application on December 30 for a January 1 renewal and expect the carrier to turn it around in time. Most carriers need 20–25 days to properly underwrite your file. You might get lucky once — but luck is not a strategy.

The Stakes Are Too High

Imagine carrying legal malpractice insurance your entire career — 20 or 30 years — only to lose all those prior acts because your renewal was late by a day or two.

It happens.
It’s brutal.
And it’s completely avoidable.

Final Thoughts

If you take nothing else from this story, take this:
Calendar your renewal like a critical deadline.
Protect your prior acts coverage.
Don’t give a carrier any reason to strip away decades of protection simply because paperwork arrived late.

The $8.5 Million Mistake: How Real Estate Wire Fraud Can Destroy a Closing Overnight

Posted on by

Your client wires $8.5 million to close on their dream property… but the money never reaches the seller.

Instead, it lands in a criminal’s account — and disappears forever.

This isn’t a thriller or a cautionary tale told at legal seminars.
It’s happening to law firms, title companies, and real estate professionals across the country right now.
And if you’re not taking precautions, it could happen to you.

How Real Estate Wire Fraud Works

Wire fraud schemes are disturbingly simple — and brutally effective.

Hackers infiltrate a lawyer’s or real estate agent’s email account, often by exploiting weak passwords or phishing links.
Once inside, they quietly monitor communication for weeks or even months, studying how you and your clients talk about the transaction.

Then, just days before closing, they strike.

They send your client a fake email — nearly identical to yours — with “updated wiring instructions.” The logo matches. The tone matches. Even the signature block looks right.

Except for one tiny detail:
The email address is off by a single letter.

Example:
Real: lawyer@firm.com
Fake: lawyer@firrn.com

Your client, eager to finalize the deal, follows the instructions and wires the funds — straight into the hacker’s account.
By the time anyone notices, it’s too late.

Why Attorneys Are Prime Targets

Real estate closings are a gold mine for cybercriminals:

  • They involve large sums of money
  • They happen under tight deadlines
  • They require constant communication among buyers, sellers, lenders, agents, and attorneys

When stress is high and time is short, mistakes happen — and hackers count on it.
And when millions vanish, the first question everyone asks is:

“Who’s responsible?”

All too often, the finger points at the attorney.

A 3-Step Plan to Stop Wire Fraud Cold

The good news?
You can prevent most wire fraud attempts with three simple steps.

1. Verify Wiring Instructions by Phone

Before any funds are transferred, have your client call a known, trusted phone number to confirm the wiring details.
Not the number in the email — the one you gave them at the start of the engagement.
Even a 30-second phone call can save millions.

2. Educate Your Clients Early

Make it part of your onboarding process to warn clients about wire fraud.
Tell them exactly what to expect — and what not to.
Use this simple script:

“We will never send you wiring instructions by email without verbal confirmation.”

Setting expectations early can eliminate panic and prevent confusion when scammers strike.

3. Use Secure Communication Tools

Whenever possible, send wiring instructions and sensitive details through encrypted portals instead of email.
Think of it as locking the message in a safe instead of dropping it in an open mailbox.

Final Thoughts

Wire fraud isn’t just a technology problem — it’s a people problem.


Hackers rely on trust, urgency, and human error to make their schemes work.
But by slowing down, verifying, and securing your communication, you can protect your clients, your firm, and your reputation.

Bonus Tip: Want to Learn More?

For more real-world stories about cyber risks facing attorneys, check out Don Ivol’s book Game Over? Not Today!
It’s packed with lessons and strategies to help professionals stay one step ahead of cyber threats.

The Hidden Dangers of Public Wi-Fi for Attorneys

Posted on by

Would you hand your briefcase full of confidential client files to a total stranger at Starbucks?
Probably not.

But every time you hop on public Wi-Fi without protection, that’s basically what you’re doing — without even realizing it.

The Illusion of “Free” Wi-Fi

Public Wi-Fi networks at airports, hotels, and coffee shops seem harmless — even convenient. But here’s the truth: these networks are wide-open doors for cybercriminals.

Hackers can launch what’s known as a “man-in-the-middle” attack, which means they slip between you and the internet, secretly watching everything you send — emails, client documents, and even your login credentials.

It’s like passing your case files through a stranger who reads every page before forwarding it along.

Why Attorneys Are Prime Targets

As an attorney, you handle some of the most sensitive information imaginable — from real-estate transactions and business deals to medical records and trust accounts. A single intercepted email could lead to:

  • A breach of client confidentiality
  • Wire fraud involving client trust accounts
  • Or even a malpractice claim

And let’s face it — your reputation is everything. One careless connection on public Wi-Fi could cost you clients, your credibility, and potentially thousands in damages.

How to Protect Yourself (and Your Clients)

The good news? Protecting yourself doesn’t have to be complicated. Here are three quick ways to stay secure when working remotely:

1. Use a VPN (Virtual Private Network)

A VPN encrypts your connection, locking your data in a secure “briefcase” before it travels online. Even if someone intercepts it, they can’t read it.

2. Use Your Phone’s Hotspot

When possible, connect through your mobile data instead of public Wi-Fi. Your phone’s network is far more secure than that “free coffee shop Wi-Fi.”

3. Double-Check the Network Name

Hackers often set up fake Wi-Fi networks with names like “Free Hotel Wi-Fi” or “Airport Guest.” Always verify the exact network name before connecting — or ask an employee to confirm it.

These small steps make it dramatically harder for cybercriminals to snoop on your information.

Cybersecurity Is Client Protection

Cybersecurity isn’t just about safeguarding your computer — it’s about protecting your clients, your firm, and your reputation.

So the next time you’re working outside the office, take a moment before you connect. A little caution now can save you a massive headache later.

Optional Add-On (for Don’s Book Mention)

For even more cybersecurity tips tailored to law firms, check out Don Ivol’s book, Game Over? Not Today! — your guide to understanding the cyber risks every attorney needs to know.

Navigating Hazards: What Golf and Legal Malpractice Insurance Have in Common

Posted on by

If you’ve ever played a round of golf, you know the course is full of hazards. Whether it’s sand traps, thick rough, trees, or even dreaded water hazards, every hole presents its own unique challenges. And if you play golf like me, you tend to find all of them! But as I was out on the course recently, I realized that golf isn’t too different from running a law practice.

Whether you work in a large firm or operate as a solo practitioner, your daily practice is full of hazards. Blown statutes of limitations, hidden conflicts of interest, or even taking on the wrong client—each of these can lead to serious consequences. But unlike in golf, where you have to navigate hazards on your own, in the legal world, you have a safety net: legal malpractice insurance.

The Advantage of Legal Malpractice Insurance

One of the key benefits of most legal malpractice policies is access to risk management resources, often in the form of a hotline. This invaluable tool allows you to consult with experienced professionals who can help you navigate complex situations. Whether you need guidance on a tricky legal issue, are unsure how to proceed with a particular case, or simply want to double-check your risk exposure, making a quick call to the hotline can help mitigate potential problems before they escalate into claims.

Imagine if golf worked the same way. What if you could call up a pro like Scottie Scheffler and ask for advice when you’re in a tough spot—trapped in a bunker with a pebble behind your ball and a tricky shot ahead? Unfortunately, that’s not an option in golf. But in law, you do have that lifeline, and it’s wise to take advantage of it.

Use the Tools at Your Disposal

Legal malpractice insurance isn’t just there to protect you after a claim arises—it’s a proactive tool to help you manage risks before they turn into major problems. So, the next time you find yourself facing a professional hazard, remember to use the resources available to you. Pick up the phone, call the hotline, and get the advice you need.

In golf, you have to play the ball where it lies. But in law, you don’t have to face hazards alone.

And remember—I’m Don, your insurance guy, not your golf guy!

Have any questions about the risk management hotline? Call INF at 412.563.2106