McDade Insurance Brokerage Blog

7 Insurance Mistakes New Law Firm Owners Make | McDade

Written by Dallas M.L. Downey, CLCS | Jul 7, 2026 2:29:02 PM
Law Firm Risk, Explained

Seven insurance mistakes new law firm owners make in the first three years.

  • By Dallas Downey, CLCS
    Published July 2, 2026
  • Business Insurance

You left the big firm to build something meaningful, and every job the big firm did quietly became yours. These are the seven coverage gaps we find most often when we review new Houston firms, with the fix for each one.

The answer

Most new firm owners are underprotected in the same seven places. The malpractice policy is asked to do jobs it was never built for, cyber and employment coverage lag the firm's growth, and nobody reads the policies as one program. Every one of the seven has a fix that costs a meeting, not a crisis.

Mistake one

Assuming the malpractice policy covers a breach

Legal professional liability responds when your legal work is alleged to have harmed a client. A data breach is not that claim. The forensic investigation, breach counsel, client notification, and lost billable time all land outside the malpractice contract, and the American Bar Association's technology survey found about 1 in 3 firms have already experienced a security incident.

The assumption survives because both policies came from the same renewal season and nobody ever walked the boundary between them.

The fix

Carry a standalone cyber policy and have the seam between it and your malpractice coverage read on paper. We mapped the full boundary at law firm cyber insurance.

Mistake two

Buying cyber without the social engineering endorsement

When an employee is tricked into voluntarily sending a wire, some policies read the loss as an authorized payment rather than a covered intrusion, and courts have upheld denials on exactly that reasoning. The FBI logged nearly $2.8 billion in business email compromise losses in 2024 alone.

Law firms are prime targets because settlements are public record. The criminal often knows the case, the parties, and the wire window before the call is ever placed.

The fix

Confirm a social engineering fraud endorsement is on the policy and that its sublimit reflects the largest wire your firm actually sends. The full anatomy of the scam lives at social engineering fraud for law firms.

Mistake three

Letting EPLI limits freeze at founding headcount

Employment practices limits are sized around the firm you were on the day the application was signed. Then the firm adds attorneys, staff, and a partnership change or two, and the old number renews itself for years.

The claim, when it arrives, is priced at today's firm. The limit still remembers the smaller one.

The fix

Tie the limit to current headcount once a year, and re read it at every partnership transition. The pattern and the review checklist live at law firm EPLI.

Mistake four

Skipping workers compensation because Texas does not require it

Texas lets most private employers choose whether to subscribe to workers compensation. Plenty of new firm owners read that as permission to skip it, without pricing what non subscriber status actually means when a staff injury turns into a lawsuit the firm defends with its own money.

The decision deserves numbers, not a default in either direction.

The fix

Get the subscription decision priced both ways before you make it. Our Texas workers compensation page walks the decision, and the review is free.

Mistake five

Signing the office lease without reading its insurance clause

Commercial leases assign risk. Many make the tenant responsible for the buildout, require specific general liability limits, and demand the landlord be named on the policy. Owners often discover those requirements at renewal or, worse, at claim time.

The lease and the policy are two halves of one agreement, and they are rarely read together.

The fix

Send us the lease insurance clause with the policy. A business owners policy structured to the lease closes the gap in one pass.

Mistake six

Running wires without a verification procedure

This is the only mistake on the list that costs nothing to fix. A callback to a number already in your file, dual authorization on trust account wires, and a standing rule that payment instructions never change by email alone defeat most wire fraud outright.

Carriers increasingly expect these controls, and some condition or price the social engineering endorsement on them.

The fix

Write the three rules down, train them once a year, and tell your carrier you follow them. The seven checks your team can run on any message live at is this email real.

Mistake seven

Renewing on price instead of reading the program once a year

Renewal season answers one question, what does it cost this year. It never re asks the questions the policies exist to answer. Has the firm grown, have the wires gotten bigger, has the partnership changed, and do the contracts still meet at the seams.

Each policy renewing cleanly on its own calendar is exactly how a program drifts out of alignment while every invoice looks fine.

The fix

Put one annual review on the calendar where every policy is read together as one program. That is the whole discipline, and it is the broker’s job to bring it up. Start at Houston law firm insurance.

Every one of these mistakes is reasonable in year one. The firms that get hurt are the ones still making them in year five.

Dallas Downey, CLCS, Commercial Lines and Workers Compensation Specialist

Sources worth opening before you decide.

This article uses public source material from the American Bar Association and the FBI Internet Crime Complaint Center.

The purpose is to help you ask better questions before claim time. Statistics describe the pattern. Your exposure is set by your records, your wires, and your headcount, which is why the review reads your documents rather than quoting averages.

Questions firm owners ask.

What insurance does a new law firm need in Texas?

Most new firms start with legal professional liability, then add a standalone cyber policy with social engineering fraud coverage, a business owners policy or general liability and property shaped to the office lease, and workers compensation as staff grows. Employment practices liability enters as headcount rises. The order matters less than the coordination, because the policies have to meet at the seams.

When should a new firm add cyber insurance?

The day the firm holds client data or moves client funds, which for most firms is day one. The exposure does not wait for scale. A small firm's breach is smaller in dollars but identical in duties, and the notification obligations arrive whether or not a policy is there to fund them.

Is workers compensation required for Texas law firms?

Texas allows most private employers to choose whether to subscribe. Choosing not to subscribe removes certain legal protections and leaves injury claims to be defended and paid by the firm. The right answer depends on staff size, payroll, and risk tolerance, so price the decision both ways before making it.

How often should a law firm review its insurance program?

Once a year as a full program read, and again at every partnership change, office move, or jump in headcount or wire size. About 40 percent of the time we tell clients to stay with their current carrier because that is the right answer. The review exists to know, not to churn.

What Houston clients say.

 
Panel only seen by widget owner
The Next Step

Seven gaps. One review.

Send us the policies you carry today. We will read them as one program, check each of the seven against your documents, and walk you through the seams in plain English before a claim finds them first.

Commercial reviews route to our commercial desk and follow your calendar, not ours. Local broker. National infrastructure.