29% of law firms experienced a cyber incident in the past year
$4.7M average cost of a data breach at a law firm
62/100 average Cyber Insurance Readiness Score for law firms
41% of law firm applications are declined or require remediation
Top Risks
Critical cyber risks for law firms
Business Email Compromise targeting trust accounts and wire transfers
Ransomware encrypting privileged client files and case management systems
Lack of MFA on remote desktop and cloud-based practice management platforms
Inadequate email authentication allowing spoofed client communications
Failure to encrypt client data at rest and in transit violating ABA Model Rule 1.6
Underwriting Failures
Why law firms get denied
These are the most common reasons cyber insurance carriers decline or require remediation from law firms before binding coverage.
No MFA on email or remote access, which is a hard-decline trigger for most carriers
Missing or misconfigured SPF, DKIM, and DMARC records on primary domains
No endpoint detection and response (EDR) deployed on attorney workstations
Lack of documented incident response plan and data breach notification procedures
Benchmark Scores
Law firm readiness by category
Email Authentication (SPF/DKIM/DMARC)
TLS/SSL Configuration
Security Headers
DNS Security
Open Ports & Services
Overall Readiness
FAQ
Frequently asked questions
Why do law firms struggle to get cyber insurance?
Law firms hold highly privileged client data including financial records, intellectual property, and litigation strategy. Carriers view this as high-value target data. Combined with the profession's historically slow adoption of MFA, EDR, and email authentication, many firms fail minimum underwriting requirements that carriers now enforce as hard-decline triggers.
What is the most common reason a law firm gets denied cyber insurance?
The single most common denial reason is the absence of multi-factor authentication (MFA) on email and remote access systems. Over 90% of carriers now require MFA as a baseline control. Law firms that rely on password-only access to Microsoft 365 or remote desktop will be declined by virtually every major cyber insurance market.
How can a law firm improve its Cyber Insurance Readiness Score?
Start with the three controls carriers weight most heavily: deploy MFA across all email and remote access, implement EDR on every endpoint, and configure email authentication (SPF, DKIM, DMARC at p=reject). These three changes alone can move a firm from a failing score to an insurable posture within days.
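As an added illustration (not the page's own tool), the following Python evaluator grades SPF and DMARC TXT records against the posture described above: exactly one SPF record ending in -all, and a DMARC policy of p=reject applied to 100% of mail. It runs over constructed sample records for two hypothetical domains (firm.example and weak.example are assumptions) so it works offline; a real check would fetch the same TXT records from DNS.

```python
# Constructed sample TXT records for two hypothetical domains; nothing is looked up in real DNS.
SAMPLE_RECORDS = {
    "firm.example": ["v=spf1 include:spf.protection.outlook.com -all"],
    "_dmarc.firm.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@firm.example; pct=100"],
    "weak.example": ["v=spf1 include:spf.protection.outlook.com ~all"],
    "_dmarc.weak.example": ["v=DMARC1; p=none; rua=mailto:dmarc@weak.example"],
}
def parse_tags(record: str) -> dict:
    """Split a 'tag=value; tag=value' record (DMARC syntax) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def assess_spf(records: list) -> tuple:
    """Return (status, reason) for the SPF record(s) published at the domain apex."""
    spf = [r for r in records if r.lower().startswith("v=spf1")]
    if not spf:
        return ("fail", "no SPF record published")
    if len(spf) > 1:
        return ("fail", "multiple SPF records; RFC 7208 allows exactly one")
    last = spf[0].split()[-1].lower()  # the 'all' mechanism should be the final term
    if last == "-all":
        return ("pass", "SPF ends with -all (hard fail for unlisted senders)")
    if last == "~all":
        return ("warn", "SPF ends with ~all (soft fail); many carriers flag this")
    return ("fail", "SPF does not end with -all or ~all (e.g. +all or no 'all' term)")

def assess_dmarc(records: list) -> tuple:
    """Return (status, reason) for the record published at _dmarc.<domain>."""
    dmarc = [r for r in records if r.lower().startswith("v=dmarc1")]
    if not dmarc:
        return ("fail", "no DMARC record published")
    tags = parse_tags(dmarc[0])
    policy, pct = tags.get("p", "").lower(), tags.get("pct", "100")
    pct = int(pct) if pct.isdigit() else 0
    if policy == "reject" and pct == 100:
        return ("pass", "DMARC p=reject applied to 100% of mail")
    if policy == "reject":
        return ("warn", f"DMARC p=reject but only pct={pct}% enforced")
    if policy == "quarantine":
        return ("warn", "DMARC p=quarantine; underwriters ask for p=reject")
    if policy == "none":
        return ("fail", "DMARC p=none is monitor-only; spoofed mail is still delivered")
    return ("fail", f"DMARC policy tag missing or invalid: {policy!r}")
def assess_domain(domain: str, dns: dict) -> dict:
    # DKIM is not checked here: it needs the selector name, which DNS alone does not reveal.
    return {"spf": assess_spf(dns.get(domain, [])), "dmarc": assess_dmarc(dns.get(f"_dmarc.{domain}", []))}
```

Calling assess_domain("weak.example", SAMPLE_RECORDS) returns a "warn" for SPF and a "fail" for DMARC, which maps directly onto the "missing or misconfigured SPF, DKIM, and DMARC" underwriting failure listed above.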
Does ABA compliance help with cyber insurance applications?
ABA Model Rule 1.6 requires competent data protection, which overlaps significantly with cyber insurance underwriting requirements. Having documented policies aligned with ABA ethics opinions on technology shows carriers that the firm takes security seriously. However, ABA compliance alone is not sufficient — carriers require specific technical controls like MFA, EDR, and encrypted backups that go beyond ethical obligations.
Check your readiness in 60 seconds.
100 tools. No installation. No credit card. Real evidence carriers trust.