Cyber Insurance Myths Law Firms Still Believe

Cyber insurance is still one of the most misunderstood types of coverage I see — especially among law firms.

Many firms assume they’re protected… until something actually happens.

Unfortunately, that’s often when they discover the coverage they thought they had doesn’t respond the way they expected. Let’s clear up some of the most common cyber insurance myths law firms continue to believe.


Myth #1: “Our General Liability Policy Covers Cyber Incidents”

This is one of the most common — and most dangerous — assumptions.

In most cases, general liability insurance does not cover cyber incidents.
General liability is designed for things like bodily injury, property damage, or advertising injury — not data breaches, ransomware, or network intrusions.

If a client’s personal information is compromised, a general liability policy typically won’t respond. That’s where cyber insurance comes in — if you have it set up correctly.


Myth #2: “We Have an IT Company, So We Don’t Need Cyber Insurance”

IT support is critical — but it’s not a substitute for insurance.

Think of it this way:

  • IT helps prevent problems
  • Insurance responds when prevention fails

Even the best security systems can be bypassed. Phishing emails, compromised passwords, vendor breaches, and human error still happen every day. When they do, it is cyber insurance, not your IT provider, that helps cover the financial fallout.


Myth #3: “We’re Too Small to Be a Target”

This one couldn’t be further from the truth.

Today, size doesn’t matter when it comes to cyber attacks. In fact, smaller law firms are often easier targets:

  • Less money spent on cybersecurity
  • Fewer internal controls
  • Outdated systems
  • Easier access points for attackers

Hackers aren’t always looking for the biggest payout — they’re looking for the path of least resistance.


Myth #4: “Cyber Insurance Is Just for Ransomware”

Ransomware may get the headlines, but cyber insurance covers much more than that.

Depending on the policy, cyber coverage may help with:

  • Data breaches
  • Business interruption
  • Client notification requirements
  • Forensic investigations
  • Legal and regulatory costs
  • Credit monitoring services
  • Crisis management and reputation support

Cyber incidents can affect your firm long after systems are restored — and the costs add up quickly.


The Real Issue: Understanding What Cyber Insurance Does (and Doesn’t) Cover

The biggest issue isn’t whether a law firm has cyber insurance.

It’s whether the firm understands:

  • What their policy actually covers
  • What it excludes
  • How it would respond in a real-world incident

If you’re not sure how your policy would work during a data breach or cyber attack, that’s usually a sign it’s worth reviewing.

The #1 Insurance Mistake I See Every January (And Why It Matters)

Every January, I see the same insurance mistake. And it usually doesn’t show up until there’s a problem.

It’s not that people don’t have insurance. Most do. The issue is the assumption that because a policy renewed, the coverage must still be right for the business. Unfortunately, that assumption can be costly.

Renewed Doesn’t Always Mean Reviewed

Most insurance policies renew automatically. That convenience is helpful, but it can also be misleading. A renewal doesn’t necessarily mean anyone reviewed your coverage. In many cases, it simply means the paperwork rolled over from the previous year.

The challenge is that businesses don’t stay the same from year to year.

Over the course of twelve months, you may hire employees, take on new types of clients, rely more heavily on technology, or store more sensitive data. Each of those changes can affect your risk. But unless someone actually looks at the policy, your coverage remains exactly where it was.

Where Problems Often Appear

I’ve seen situations where someone believed they were fully covered — and technically, they were. Just not for the situation they were facing.

The issue usually isn’t negligence. It’s the assumption that “renewed” meant “reviewed.” When a claim happens, that’s not the time anyone wants to discover that something changed and the policy didn’t keep up. At that point, the decision has already been made.

Why January Is the Right Time to Look

The start of the year is actually a good time to pause and ask a simple question: does my insurance still match how my business operates today?

That doesn’t automatically mean you need more coverage. In many cases, it simply means you need the right coverage for how your business has evolved.

A short review at the beginning of the year can help identify gaps, outdated limits, or assumptions that no longer apply. More importantly, it can prevent an expensive surprise later.

A Small Step That Can Make a Big Difference

Insurance is designed to protect you when something unexpected happens. Making sure your coverage reflects how your business actually operates is one of the simplest ways to make sure it does what it’s supposed to do.

A little time spent reviewing things now can go a long way toward avoiding problems later — and that’s something I’d always rather help people prevent.