Skip to content

Commercial Coverage for Law Firms

Coverage Engineered for the Firm You Built

You went from practicing law to running a law firm. The malpractice policy came with the territory. The rest of the risk program rarely does. We read the contracts together so the firm is protected the way you thought it already was.

Independent Texas brokerage serving Houston, Spring, The Woodlands, and the greater Houston metro. Local broker. National infrastructure.

From Owner Operator to Business Owner

Nobody Hands You a Risk Department on the Way Out the Door

At the big firm, someone else handled the day to day. Payroll ran. Coverage renewed. Problems had owners. Then you launched out to build something meaningful, and every one of those jobs became yours.

We understand that transition because we lived it. This brokerage was built after leaving a large agency where the infrastructure was somebody else's responsibility. The move from practicing your craft to owning the whole operation changes what risk means. It is no longer a line item. It is the thing standing between your family and everything the firm carries.

You became the leader you wish you had. Protecting what you built is now part of the job.

Most growing firms we review carry strong malpractice coverage and a collection of policies that were never read as one program. The gaps live in the seams between them. That is where we work. Our founder wrote about making the same jump, and what it teaches about protecting what you build, in from lawyer to law firm owner.

Where Growing Firms Get Hurt

The Five Gaps of the New Firm Owner

Five patterns show up again and again when we review law firm programs across the Houston metro. None of them shows up on a renewal invoice. All of them show up at claim time.

Gap One

Malpractice Without Standalone Cyber

Legal professional liability responds when your legal work harms a client. It was never built to fund the forensic investigation, breach notification, and business interruption that follow a data breach. Those costs land outside the policy unless a standalone cyber contract carries them.

Read where the malpractice policy stops

Gap Two

Cyber Without Social Engineering Fraud Coverage

When an employee is tricked into voluntarily sending a wire, some policies treat it as an authorized transfer rather than a hack. Coverage usually requires a specific endorsement with its own sublimit. Owning a cyber policy is not the same as owning this endorsement.

Read the full anatomy of the scam

Gap Three

EPLI Limits Frozen at an Old Headcount

Employment practices limits are usually sized around the firm you were when the policy was written. Add attorneys, add staff, change the partnership, and the exposure grows while the limit stands still. The mismatch surfaces at claim time, not before.

See how the headcount gap forms

Gap Four

Trust Account and Fiduciary Exposure Nobody Mapped

Client funds move through your accounts on predictable schedules, and the details often sit in public court records. That combination makes firms a target, and it raises bond and fiduciary questions most owners have never been walked through.

Understand bonds and fiduciary duties

Gap Five

Renewal Conversations Instead of a Program

Each policy renews on its own calendar with its own carrier. Nobody reads them together, so nobody knows which contract responds first, where the sublimits sit, or what falls in the seams. Coordination is the broker's job. If it is not happening, that is a gap.

See coverage engineered for operations

Law Firm Coverage, The McDade Way

Direct Answers for Firm Owners

What insurance does a Houston law firm need?

A Houston law firm typically needs legal professional liability, a standalone cyber policy with social engineering fraud coverage, general liability and property or a business owners policy, workers compensation as the staff grows, and employment practices liability as headcount rises. The policies need to be coordinated so each one responds in the right order at claim time.

What is social engineering fraud?

Social engineering fraud is a scam where a criminal poses as a trusted party, often a bank, a client, or opposing counsel, and tricks an employee into voluntarily wiring money or paying a fake invoice. Because the employee authorized the transfer, standard crime and cyber forms may not respond without a specific endorsement.

Why are law firms targeted for wire fraud?

Law firms move settlement funds on predictable timelines, and much of the underlying information is public record at the courthouse. A criminal who knows the case, the parties, and the settlement window can impersonate a bank or a party convincingly. That is why verification procedures and the right endorsement both matter.

The Pattern, Step by Step

How the Fake Bank Already Knew the Settlement

This is not a hacking story. Nothing gets breached. Someone gets convinced. Here is how the pattern actually runs.

  1. The docket is public

    Case details, parties, and settlement timing sit in courthouse records that anyone can read. Your win is announced before your wire ever moves.

  2. The research is easy

    The criminal learns the firm, the client, the amount in play, and roughly when the money moves. None of it required breaking into anything.

  3. The call sounds right

    Someone posing as the bank, or as opposing counsel, reaches out with details only an insider should know and asks to confirm updated wire instructions. Urgency is part of the script.

  4. The wire goes out

    An employee authorizes the transfer in good faith. Because the transfer was authorized, some policies read it as a voluntary payment rather than a covered intrusion. That single word, voluntary, decides whether the loss is insured.

  5. The window closes fast

    Federal recovery teams froze funds in 66 percent of the fraudulent wire cases reported to them quickly in 2024. The money in the remaining cases was largely gone. Speed of reporting, and the endorsement on your policy, decide what happens next.

We have watched this exact pattern reach Houston area businesses, including our own commercial clients. The coverage answer is a social engineering fraud endorsement sized to the wires your firm actually sends, paired with a callback verification procedure your team never skips. We tell one of these scams start to finish in your settlement is public record, and the June 2026 wave that reached the country’s largest firms is covered in the fake IT call.

The Evidence

The Numbers Behind the Pattern

$16.6 Billion

Losses reported to the FBI Internet Crime Complaint Center in 2024, a record year, up 33 percent from the year before.

Source: FBI IC3 2024 Internet Crime Report
$2.8 Billion

Reported business email compromise losses in 2024 across 21,442 complaints, the second costliest crime category the FBI tracks.

Source: FBI IC3 2024 Internet Crime Report
1 in 3

Share of law firms reporting a security breach at some point, with about 19 percent more unsure whether one had ever occurred.

Source: ABA 2023 Legal Technology Survey Report

The question that matters is not a survival statistic. It is reserve math. Weigh an uninsured six figure wire loss, plus forensic costs, plus the billable hours a response consumes, against the cash a growing firm actually keeps on hand. That is the exposure a coordinated program is built to carry. The broader threat list, ranked by the money each one actually moves, lives at the six cyber threats costing businesses money in 2026.

Your Commercial Specialist

Reviewed With a Commercial Lens, Not a Renewal Calendar

Commercial reviews at McDade route to Dallas Downey, CLCS, our commercial lines and workers compensation specialist. Dallas reads legal professional liability, cyber, employment practices, and the rest of the program as one document set, because that is how the policies behave at claim time.

The review is a document review, not a sales pitch. You will see where each contract starts, where it stops, and which seams matter for a firm your size. If the program you have is structured well, we will tell you exactly that.

The Coordinated Program

One Program, Read Together

A law firm program is not a stack of policies. It is a sequence. Each line below has a job, and the seams between them are where we spend our time.

Coverage The Job It Does Read More
Legal Professional Liability Responds when your legal work is alleged to have harmed a client. The foundation of the program, and the policy whose limits everything else protects. Professional Liability
Cyber Liability Funds breach forensics, notification, regulatory defense, and business interruption so those costs never touch your malpractice limits. Law Firm Cyber
Social Engineering Fraud Endorsement Responds when an employee is deceived into authorizing a payment. Carries its own sublimit, which must be sized to the wires the firm actually sends. Social Engineering Fraud
Employment Practices Liability Covers wrongful termination, discrimination, and harassment claims. Limits should track headcount and partnership changes, not the year the policy was first written. Law Firm EPLI
Office Package or BOP General liability and property for the office itself, from a client slip in the lobby to the buildout your lease makes you responsible for. Business Owners Policy
Workers Compensation Covers your staff as the firm grows, with Texas subscription decisions and class codes handled by a specialist rather than a default. Workers Compensation
Bonds and Fiduciary Court bonds, fiduciary bonds, and notary bonds for the matters and roles your practice touches. Texas Surety Bonds

Questions Firm Owners Ask

Law Firm Coverage Questions, Answered Plainly

Does professional liability insurance cover a cyber breach at my law firm?

Usually not. Legal professional liability responds to claims that your legal work harmed a client. The forensic investigation, breach notification, credit monitoring, and lost billable time that follow a breach typically fall outside that policy. A standalone cyber policy is built to carry those costs. The two contracts have to be read together so cyber responds first and your professional liability limits stay intact.

What is social engineering fraud coverage and why do law firms need it?

Social engineering fraud coverage responds when someone at the firm is tricked into voluntarily sending money, often by a caller or an email posing as a bank, a client, or opposing counsel. Because the transfer was authorized by an employee, many crime and cyber forms treat it differently than a hack. Coverage usually comes through a specific endorsement with its own sublimit. We confirm the endorsement is on the policy and the sublimit fits the size of the wires your firm actually sends.

We already have cyber insurance. Are wire transfer scams covered?

Not automatically. If an employee is deceived into sending a wire, some policies treat that as an authorized transfer rather than a computer intrusion, and federal appeals courts, including the Fifth Circuit that covers Texas, have upheld coverage denials on that reasoning. The fix is usually a social engineering fraud or fraudulent instruction endorsement. It is a document question, so we read the form rather than guess.

What does ABA Formal Opinion 483 require after a law firm data breach?

ABA Formal Opinion 483 addresses a lawyer's obligations after an electronic data breach, including the duty to take reasonable steps to respond and to notify current clients when material client information is compromised. Texas lawyers also carry confidentiality duties under the disciplinary rules. Breach counsel, notification, and response costs are exactly what a well structured cyber policy is designed to fund.

How much cyber insurance does a small or mid size law firm need?

It depends on the data you hold, the size of the funds you move, and the contracts you sign. A firm wiring six figure settlements carries a different exposure than a firm that never touches client funds. We size limits against your trust account activity, your practice areas, and the real cost of forensics and notification rather than defaulting to the smallest option on the quote.

Our EPLI limits were set years ago. Does headcount matter?

Yes. Employment practices limits are usually priced and sized around the headcount and structure the firm had when the policy was written. Firms that have added attorneys and staff, or gone through partnership changes, often carry limits that no longer reflect the exposure. A short annual review ties the limit back to the firm you run today.

What insurance does a new law firm owner need in Texas?

Most new firm owners start with legal professional liability, then add cyber with social engineering fraud coverage, a business owners policy or general liability and property, and workers compensation as the staff grows. Employment practices liability enters the picture as headcount rises. The order matters less than the coordination, so one broker should be reading all of the contracts together.

Will McDade replace our current broker or just review what we have?

We start with a review, not a replacement. About 40 percent of the time we tell clients to stay with their current carrier because that is the right answer. If the program is structured well, you will hear that from us. If there is a gap, you will see it in the documents before claim time, and the decision stays with you.

Proof From the People We Serve

What Houston Clients Say

 
Panel only seen by widget owner

The Next Step

Protect What You Worked Tirelessly to Build

Send us the program you have. We will read every contract, show you where each one starts and stops, and walk you through the seams in plain English. If it is structured well, you will hear that from us. The decision stays with you.

Commercial reviews route to our commercial desk and follow your calendar, not ours.