7 Insurance Mistakes New Law Firm Owners Make | McDade
Seven insurance mistakes new law firm owners make in the first three years.
- By Dallas Downey, CLCS
Published July 2, 2026 - Business Insurance
You left the big firm to build something meaningful, and every job the big firm did quietly became yours. These are the seven coverage gaps we find most often when we review new Houston firms, with the fix for each one.

The answer
Most new firm owners are underprotected in the same seven places. The malpractice policy is asked to do jobs it was never built for, cyber and employment coverage lag the firm's growth, and nobody reads the policies as one program. Every one of the seven has a fix that costs a meeting, not a crisis.
Assuming the malpractice policy covers a breach
Legal professional liability responds when your legal work is alleged to have harmed a client. A data breach is not that claim. The forensic investigation, breach counsel, client notification, and lost billable time all land outside the malpractice contract, and the American Bar Association's technology survey found about 1 in 3 firms have already experienced a security incident.
The assumption survives because both policies came from the same renewal season and nobody ever walked the boundary between them.
Carry a standalone cyber policy and have the seam between it and your malpractice coverage read on paper. We mapped the full boundary at law firm cyber insurance.
Buying cyber without the social engineering endorsement
When an employee is tricked into voluntarily sending a wire, some policies read the loss as an authorized payment rather than a covered intrusion, and courts have upheld denials on exactly that reasoning. The FBI logged nearly $2.8 billion in business email compromise losses in 2024 alone.
Law firms are prime targets because settlements are public record. The criminal often knows the case, the parties, and the wire window before the call is ever placed.
Confirm a social engineering fraud endorsement is on the policy and that its sublimit reflects the largest wire your firm actually sends. The full anatomy of the scam lives at social engineering fraud for law firms.
Letting EPLI limits freeze at founding headcount
Employment practices limits are sized around the firm you were on the day the application was signed. Then the firm adds attorneys, staff, and a partnership change or two, and the old number renews itself for years.
The claim, when it arrives, is priced at today's firm. The limit still remembers the smaller one.
Tie the limit to current headcount once a year, and re read it at every partnership transition. The pattern and the review checklist live at law firm EPLI.
Skipping workers compensation because Texas does not require it
Texas lets most private employers choose whether to subscribe to workers compensation. Plenty of new firm owners read that as permission to skip it, without pricing what non subscriber status actually means when a staff injury turns into a lawsuit the firm defends with its own money.
The decision deserves numbers, not a default in either direction.
Get the subscription decision priced both ways before you make it. Our Texas workers compensation page walks the decision, and the review is free.
Signing the office lease without reading its insurance clause
Commercial leases assign risk. Many make the tenant responsible for the buildout, require specific general liability limits, and demand the landlord be named on the policy. Owners often discover those requirements at renewal or, worse, at claim time.
The lease and the policy are two halves of one agreement, and they are rarely read together.
Send us the lease insurance clause with the policy. A business owners policy structured to the lease closes the gap in one pass.
Running wires without a verification procedure
This is the only mistake on the list that costs nothing to fix. A callback to a number already in your file, dual authorization on trust account wires, and a standing rule that payment instructions never change by email alone defeat most wire fraud outright.
Carriers increasingly expect these controls, and some condition or price the social engineering endorsement on them.
Write the three rules down, train them once a year, and tell your carrier you follow them. The seven checks your team can run on any message live at is this email real.
Renewing on price instead of reading the program once a year
Renewal season answers one question, what does it cost this year. It never re asks the questions the policies exist to answer. Has the firm grown, have the wires gotten bigger, has the partnership changed, and do the contracts still meet at the seams.
Each policy renewing cleanly on its own calendar is exactly how a program drifts out of alignment while every invoice looks fine.
Put one annual review on the calendar where every policy is read together as one program. That is the whole discipline, and it is the broker’s job to bring it up. Start at Houston law firm insurance.
Every one of these mistakes is reasonable in year one. The firms that get hurt are the ones still making them in year five.
Dallas Downey, CLCS, Commercial Lines and Workers Compensation Specialist
Sources worth opening before you decide.
This article uses public source material from the American Bar Association and the FBI Internet Crime Complaint Center.
The purpose is to help you ask better questions before claim time. Statistics describe the pattern. Your exposure is set by your records, your wires, and your headcount, which is why the review reads your documents rather than quoting averages.
Keep reading, then read your policy.
Questions firm owners ask.
What insurance does a new law firm need in Texas?
Most new firms start with legal professional liability, then add a standalone cyber policy with social engineering fraud coverage, a business owners policy or general liability and property shaped to the office lease, and workers compensation as staff grows. Employment practices liability enters as headcount rises. The order matters less than the coordination, because the policies have to meet at the seams.
When should a new firm add cyber insurance?
The day the firm holds client data or moves client funds, which for most firms is day one. The exposure does not wait for scale. A small firm's breach is smaller in dollars but identical in duties, and the notification obligations arrive whether or not a policy is there to fund them.
Is workers compensation required for Texas law firms?
Texas allows most private employers to choose whether to subscribe. Choosing not to subscribe removes certain legal protections and leaves injury claims to be defended and paid by the firm. The right answer depends on staff size, payroll, and risk tolerance, so price the decision both ways before making it.
How often should a law firm review its insurance program?
Once a year as a full program read, and again at every partnership change, office move, or jump in headcount or wire size. About 40 percent of the time we tell clients to stay with their current carrier because that is the right answer. The review exists to know, not to churn.
What Houston clients say.
Seven gaps. One review.
Send us the policies you carry today. We will read them as one program, check each of the seven against your documents, and walk you through the seams in plain English before a claim finds them first.
Commercial reviews route to our commercial desk and follow your calendar, not ours. Local broker. National infrastructure.
By