Law firm insurance is not complicated — but most attorneys are wrong about at least one important detail of their coverage. They think their malpractice policy covers situations it does not. They have no general liability policy. They have never heard of cyber liability insurance, despite storing every client's confidential information on internet-connected systems.
This guide covers every insurance policy a law firm needs, what each one actually covers, and what to watch out for when buying.
Professional Liability Insurance (Malpractice)
Professional liability insurance — almost always called malpractice insurance in the legal context — covers claims that arise from your professional services: errors, omissions, negligent advice, missed deadlines, conflicts of interest, and similar professional failures.
This is the non-negotiable baseline. Most state bars require it. Most clients of any sophistication ask about it. And without it, a single malpractice claim can wipe out the firm's assets and, depending on your business structure, your personal assets.
Claims-Made vs Occurrence Policies
The most important technical distinction in malpractice insurance: claims-made vs occurrence coverage.
A claims-made policy covers claims that are both made and reported during the policy period. If you did work in 2024, the policy expires in 2025, and a client files a claim in 2026 — you are not covered. You need either continuous coverage or tail coverage (also called "extended reporting period" coverage) to be protected for prior work after the policy ends.
An occurrence policy covers claims that arise from incidents that occurred during the policy period, regardless of when the claim is filed. Occurrence policies are more expensive but provide permanent coverage for work done during the coverage period without requiring tail coverage.
Most law firm malpractice policies are claims-made. When you change carriers or retire, buy the tail coverage. The tail typically costs 200% to 250% of the annual premium for permanent coverage. That is expensive, but the alternative is uninsured exposure on potentially years of prior work.
Typical Premium Ranges (2026)
- Solo practitioner, low-risk practice area (estate planning, business transactions): $1,500 to $3,500/year
- Solo practitioner, moderate-risk practice area (family law, employment, real estate litigation): $2,500 to $6,000/year
- Solo practitioner, higher-risk practice area (securities, class action, complex civil litigation): $5,000 to $15,000+/year
- Small firm (3-5 attorneys): $8,000 to $30,000+/year depending on practice area and claims history
Policy Limits
Standard limits for solo practitioners: $1M per claim / $3M aggregate. For small firms: $2M per claim / $4M aggregate. These are starting points — your practice area and the size of matters you handle should inform whether these limits are adequate. A firm handling $10M real estate transactions should carry significantly higher limits than a firm doing $2,500 uncontested divorces.
General Liability Insurance
General liability insurance covers third-party bodily injury and property damage claims — not professional services, but physical incidents. A client slips in your office. You damage a client's property. A visitor is injured at a firm event. Your malpractice policy does not cover any of these.
If you have a physical office where clients or others visit, general liability is required. If you are fully virtual with no client-facing physical space, it is still advisable but less urgent.
Annual premiums for a solo or small firm GL policy: $500 to $1,500/year. Often bundled with property insurance in a Business Owner's Policy (BOP).
Cyber Liability Insurance
This is the most undercarried insurance in the legal profession. Law firms store an extraordinary volume of sensitive client data: financial records, health information, personal communications, business strategies, legal strategies. A single data breach at a law firm can expose hundreds of clients to identity theft, regulatory action, and civil liability.
Cyber liability insurance covers: breach response costs (forensic investigation, client notification), regulatory fines, credit monitoring for affected clients, ransomware recovery, and third-party liability claims from clients whose data was compromised.
The cost: $500 to $3,000/year for a solo or small firm, depending on your data volume and security posture. Given that the average cost of a data breach notification for a small firm (legal fees, notification, monitoring) runs $50,000 to $150,000, this is among the highest-ROI insurance policies a law firm can carry.
Cyber liability is increasingly required by legal tech vendors and malpractice carriers as a condition of coverage or discounting. It is also explicitly required by several state bar ethics opinions that address attorney data security obligations under Rule 1.6.
Workers' Compensation
If you have employees — including part-time staff — most states require workers' compensation coverage. It covers medical expenses and lost wages for employees injured during the course of employment. Failure to carry required workers' comp coverage can result in regulatory fines and personal liability for employee injury costs.
Solo practitioners with no employees are exempt in most states. The moment you hire your first W-2 employee, check your state's requirements. Premiums vary significantly by state — budget $500 to $2,000 per year per employee as a rough baseline.
Employment Practices Liability (EPLI)
Employment Practices Liability Insurance covers claims made by employees or applicants for discrimination, harassment, wrongful termination, retaliation, and similar employment-related disputes. For a small employer, these claims are a real risk even with good intentions, and the defense costs alone (separate from any settlement) can run $50,000 to $150,000.
For firms with two or more employees, EPLI is worth carrying. Annual premiums for small firms: $800 to $3,000. Often available as a rider to the general liability or BOP policy.
Business Owner's Policy (BOP)
A BOP bundles general liability and commercial property insurance into one policy, typically at a lower combined premium than buying them separately. If you have a physical office with equipment (computers, furniture, files), a BOP simplifies your coverage and fills the property damage gap that neither malpractice nor general liability addresses.
Annual BOP premiums for a small law firm office: $1,200 to $3,500/year.
What Most Attorneys Get Wrong About Their Coverage
Assuming malpractice covers everything. It does not. Malpractice covers professional services liability. Slip-and-fall in your office is GL. Data breach is cyber liability. Employee discrimination claim is EPLI. Each risk requires separate coverage.
Not reviewing the retroactive date on claims-made policies. The retroactive date on a claims-made policy determines how far back in time the coverage applies. If your retroactive date is the inception date of your current policy, you have no coverage for prior work. When switching carriers, confirm that the new policy's retroactive date matches your prior carrier's inception date, or buy tail coverage from the prior carrier.
Undervaluing cyber coverage because they have "never had a breach." The firms that have never had a breach are the ones that have not been targeted yet. Data security incidents are not a matter of whether but of when and how severe. The firms with cyber coverage recover in weeks. The ones without it sometimes do not recover.
Insurance is the protection layer for when the firm's systems fail. The operational layer — intake, client communication, billing, follow-up — is what determines whether the firm runs at peak efficiency the rest of the time. If you want to see what building those systems looks like for your firm, book a free audit call.