

See how a new approach to cyber risk can help legal organizations prioritize cybersecurity and data privacy to help avoid costly breaches.


Why cyber insurance is critical for legal organizations

Maintaining trust and security is a major concern for most professional services organizations, and especially so for those in the legal industry. Many legal organizations prioritize data privacy and cybersecurity to help avoid costly breaches and incidents that could damage their reputation or their way of doing business.

Legal organizations operate based on competency, trust, and confidentiality. As part of the duty of competent representation, lawyers are ethically bound to become and remain technologically competent, which includes keeping up with changes in technology or data protection laws that may affect their practices. Legal organizations are also bound to protect client privilege and confidentiality. A breach or security incident that is handled improperly can have major implications that go beyond direct expenses and cross into cyber liability and in some cases professional liability territory, underscoring the importance of strong security controls and cyber insurance.

How bad could one small security incident be?

Average cost of a cyber claim for legal organizations

Percentage of cyber attacks originating from the email inbox

Average ransomware loss for legal businesses

Unique exposures for legal companies

How essential technologies can create cyber risk

Client portals

These platforms enable lawyers to securely share documents, messages, and invoices with clients. Unauthorized access of a client portal could compromise sensitive information and lead to additional cyber events.

Customer relationship management (CRM) systems

CRM systems are used to support business development activities. Because they hold client data and confidential corporate information, a compromised CRM system can be leveraged for malicious purposes and result in a data breach.

Document management systems

These software platforms are used to store and handle a large volume of shared files. However, a compromise could expose sensitive data and cause serious disruptions due to the volume and potentially sensitive nature of the information in these systems.

eDiscovery tools

These tools can save time and effort when reviewing large volumes of information, but the potentially sensitive nature of the data means unauthorized access could have data privacy and business interruption implications.


Business email compromise (BEC), which can trigger data breaches, business interruption, and even reputational damage, is a frequent cause of cyber insurance claims for legal organizations.

Law practice management software

These systems are used to manage operations, such as scheduling, billing, and payments. A breach could cause serious disruption and expose payment information, corporate confidential data, and client data.

How sensitive data can increase business liability

Corporate confidential data

Corporate law firms may have access to internal operations data, intellectual property, or trade secrets. Mishandling or leaking corporate confidential data can cause significant damage to the data owner.

Financial data

Collecting and processing financial information requires adherence to industry standards. Mishandling or unauthorized disclosure of financial data can cause direct harm to clients and even trigger industry and regulatory investigations.

Personally identifiable information (PII)

PII is any data that can potentially identify a specific person. Stolen PII can be used to launch cyber attacks or to gain access to networks. Organizations that mishandle PII or fail to respond appropriately to a data breach can be subject to fines, penalties, and other financial damages.

Protected health information (PHI)

Many law firms collect or access PHI, and some operate as HIPAA business associates, which means they carry additional data protection and reporting requirements if an actual or suspected data breach occurs.


Business impacts for legal companies

What to expect after a cyber incident

Direct costs to respond

Responding to a cyber event typically involves numerous direct costs, also known as first-party expenses. If a legal organization experiences BEC and sensitive data is involved, it can trigger a need for additional legal counsel, forensic investigation, victim remediation, and notification. Simple investigations can cost tens of thousands of dollars, while more complex matters can cost many times that.

Liability to others

The evolving data privacy landscape can be difficult to navigate, and many law firms can face new and unexpected exposures after a cyber event. Even with strong contracts, policies, and best practices in place, a data breach or security failure can trigger liability to third parties and expose an organization to regulatory investigations and legal action from victims.

Business interruption and reputation damage

A cyber event that impacts essential technology can have a significant impact on a legal organization's ability to operate and can be highly visible to clients, customers, and other stakeholders. Every hour of disruption can lead to direct loss of revenue and inhibit a law firm’s ability to support clients, negatively impacting client retention and acquisition.


Beyond ransomware and data breaches, cyber events can result in financial theft from a law firm or its clients, often without an actual breach of the firm's systems. If an attacker dupes someone in the billing department into altering payment instructions, a legal organization can lose tens or hundreds of thousands of dollars almost instantly. Attackers who gain access to email accounts can also send fraudulent invoices or payment instructions to clients, customers, and other third parties.

Recovery and restoration

After a cyber event, resuming operations is no easy task. If an attacker damages or destroys essential technology, data, or physical equipment, a legal organization may need to bring in external support or purchase new equipment to re-secure its systems. Full remediation, restoration, and recovery, where it is possible at all, can take a significant amount of time and may require purchasing new software and systems and hiring consultants to rebuild the network.



Choosing the right cyber coverage for your business

Cyber insurance is an essential aspect of modern risk management, offering coverage for the losses associated with data breaches, cyber extortion, business interruption, and other cyber-related incidents.

Coalition created a Cyber Insurance Buyer's Guide to help businesses navigate the complex cyber insurance market and confidently select the right coverage for their business.
