Choosing the Right Clients: A Risk Law Firms Often Overlook

One of the most important risk decisions a law firm makes doesn’t happen in the middle of a case.

It happens at the very beginning — when deciding whether to take on a client.

Over the years, I’ve seen situations where problems didn’t come from how the work was done, but from taking on work that wasn’t the right fit to begin with.

Every Firm Has a Sweet Spot

Every law firm has a “sweet spot” — the types of cases it handles well, the types of clients it works best with, and the structure it has in place to support that work.

When a case falls outside that sweet spot, risk tends to increase, and that increased risk can lead to malpractice claims.

Sometimes it’s a matter of complexity.

A sole practitioner may take on a matter that realistically requires a larger team — multiple paralegals, more time, and additional support.

The opportunity may look attractive from a revenue standpoint. But if the firm doesn’t have the capacity to fully support the work, the situation can become difficult to manage.

When Revenue and Risk Don’t Align

I’ve seen cases where a matter generates significant revenue, but also creates exposure that far exceeds it.

What looks like a strong opportunity on the surface can carry risks that aren’t immediately obvious.

That’s why it’s important to evaluate not just the potential upside of a case, but whether the firm has the capability and resources to handle it properly.

The Client Fit Matters Too

In other situations, the issue isn’t the case — it’s the client.

Some clients require more communication, more oversight, or a different working style than others. Every firm operates a little differently, and not every client will be a good fit.

If your firm has a certain pace, structure, or approach to communication, it’s important that the client aligns with that.

Sometimes your instincts will tell you that something isn’t quite right. That doesn’t necessarily mean the client is difficult — it may simply mean they’re not the right fit for your firm.

Listen To Your Gut.

It’s Okay to Say No

Referring a case out or declining to take on a client is often a good decision — for both the firm and the client.

Making sure a client is in the right place, with the right resources and expertise, ultimately leads to better outcomes.

Start with the Right Decision For Your Firm

At the end of the day, the goal is to ensure that the work you take on matches your firm’s capabilities — the right experience, the right resources, and the right structure.

When those things are aligned, you’re in a much better position to serve your clients effectively while managing risk.

And sometimes, the best decision you can make is the one you make before the work ever begins.

Cyber Insurance Gaps I See Most Often in Law Firms

Cyber insurance has become an important part of risk management for law firms. Data breaches, ransomware attacks, and phishing attempts are now common risks in the legal industry, particularly because firms handle sensitive client information.

But one thing I’ve noticed over the years is that many small to mid-sized law firms have cyber insurance coverage that isn’t fully aligned with the risks they actually face.

The issue is usually the details of that insurance policy.

There are several coverage gaps that tend to show up repeatedly when reviewing policies for law firms.

Common Cyber Insurance Gaps Law Firms Should Watch For

While every policy is different, there are a few areas where coverage often falls short. Understanding these gaps can help firms avoid unpleasant surprises if a cyber incident occurs.

Below are some of the most common issues I see.

Inadequate Coverage Limits

One of the most common cyber insurance gaps is insufficient coverage limits.

Cyber incidents can become expensive very quickly. Even a relatively contained incident can involve multiple layers of cost.

Potential Costs of a Cyber Incident

A cyber event may involve:

  • Forensic investigations to determine what happened and how the breach occurred
  • Legal costs associated with responding to the incident
  • Client notification requirements depending on the type of data involved
  • Credit monitoring services for affected clients
  • Business interruption losses if systems are unavailable

For example:

  • A forensic investigation alone can cost $15,000 to $50,000 or more, depending on the complexity of the breach.
  • Credit monitoring services can run up to $30 per person per month for 12–24 months.

When you add those costs together, the financial impact can expand quickly.

If a firm’s coverage limit is too low, the policy may still provide assistance — but it may not go nearly as far as the firm expected.

Missing or Limited Social Engineering Coverage

Another gap I often see involves social engineering coverage.

Social engineering fraud occurs when someone is tricked into sending money or sensitive information because they believe the request is legitimate.

Examples of Social Engineering in Law Firms

These situations might involve:

  • An email that appears to come from a client
  • A request that looks like it came from a colleague
  • Instructions from what appears to be a trusted partner in a transaction

Because legal transactions often involve sensitive documents and financial transfers, law firms can be particularly vulnerable to these types of scams.

However, not every cyber insurance policy automatically includes strong protection for social engineering losses.

In many cases, a specific endorsement or additional coverage must be added to the policy.

Lack of Meaningful Business Interruption Coverage

Business interruption is another area that is sometimes overlooked.

If a cyber incident shuts down a firm’s systems, the consequences can extend far beyond the technical problem itself.

How System Downtime Can Affect a Law Firm

When systems are unavailable, firms may experience:

  • Delayed cases and legal filings
  • Staff unable to access important files
  • Disruptions to normal operations
  • Potentially missed statutes of limitation

Even a temporary disruption can have significant operational and financial consequences.

Business interruption coverage is designed to help address these situations. However, not every policy includes this coverage in a meaningful way, and some policies may include limitations that firms don’t realize until after an incident occurs.

High Deductibles That Surprise Firms Later

Another detail that often gets overlooked is the policy deductible.

Many firms understandably focus on the coverage limit, but the deductible plays an equally important role in determining how the policy functions.

Why Deductibles Matter

Some cyber policies carry deductibles that are much higher than firms realize.

This means that before the insurance coverage begins responding, the firm may need to absorb a significant portion of the costs itself.

If that deductible is higher than expected, the financial impact of an incident may be greater than anticipated.

Reviewing this number carefully is an important step in understanding how the policy will actually work in a real-world situation.

Misunderstanding the Retroactive Date

One final detail that deserves attention is the retroactive date.

The retroactive date helps determine how far back the policy coverage applies if a breach or cyber incident began before it was discovered.

Why Retroactive Dates Matter

Many cyber incidents are not discovered immediately. In some cases, malicious activity may have started months before anyone realized there was a problem.

The retroactive date helps determine whether that earlier activity is covered.

If the retroactive date isn’t fully understood, firms may assume coverage exists when it may not apply in certain situations.

Why These Gaps Happen

It’s important to note that these gaps usually don’t happen because law firms are careless.

In most cases, the issue is simply that:

  • Cyber insurance has evolved rapidly in recent years
  • Policy language can be complex
  • Coverage options can vary significantly between insurers

As a result, many firms end up with policies that made sense when they were purchased — but may not fully reflect how the firm operates today.

Reviewing Your Cyber Insurance Coverage

Because cyber risks continue to evolve, it’s helpful for law firms to periodically review their cyber insurance policies.

A simple policy review can help answer important questions such as:

  • Are the coverage limits still appropriate?
  • Does the policy include social engineering protection?
  • Is there meaningful business interruption coverage?
  • Are the deductibles reasonable?
  • Do we fully understand the retroactive date?

Often, a short conversation can clarify many of these details and help firms feel more confident about the protection they have in place.

Final Thoughts

Cyber insurance has become a critical component of risk management for modern law firms.

However, having coverage isn’t always the same as having the right coverage.

Taking the time to review the details of a policy can help ensure that the protection in place truly aligns with the risks law firms face today.

Want Help Reviewing Your Policy?

If you’re not sure how your cyber insurance policy would respond in a real-world incident, it may be worth taking a closer look.

Give INF a call at 412-563-2106 and we can review the key areas discussed in this article to make sure your firm has coverage that’s right for you.

I’m Don I. Your Insurance Guy.