Law Firm Insurance: Coverage Types and Limits by Firm Size
TL;DR: Law firminsurance is a stack, not a single policy: lawyers professional liability,general liability, cyber, employment practices, workers' compensation, crime,and umbrella coverage, sized to headcount and practice mix. This guide givesrecommended limit ranges by firm size, premium benchmarks from publishedcarrier data, and the state rules on malpractice coverage. Use the coveragematrix to pressure test your current policies before renewal.
Search for law firm insuranceand the results are carrier product pages built to produce a quote request, notan answer. The question a firm owner actually has is more specific: whichpolicies does the firm need, at what limits, and what should the whole stackcost at this headcount. Carriers rarely answer that in writing because theanswer depends on underwriting, and underwriting is negotiated.
We sit on the other side of thetransaction. Our team reviews the financial statements of more than 120 lawfirms, so we see the premium lines, the gaps that surface after an incident,and the renewal increases that arrive without warning. That vantage pointshapes the recommendations below.
This guide maps the full stackof business insurance for law firms: the core coverage types, recommended limitranges by firm size, premium benchmarks from published carrier data, and thestate rules that govern malpractice coverage. Treat the ranges as startingpoints for a conversation with a broker who works with law firms, not as asubstitute for underwriting.
What Insurance Does a Law Firm Need?
Most law firms need six corepolicies: lawyers professional liability (malpractice), general liability,commercial property with business income coverage, cyber liability, workers'compensation, and employment practices liability. Firms handling client trustfunds should add crime coverage, and firms above roughly ten attorneystypically add umbrella and management liability layers.
Lawyers professional liabilityinsurance, shortened to LPL and also sold as legal malpractice insurance orattorney malpractice insurance, is the anchor. It responds to claims that thefirm's legal work fell below the standard of care, and it is written on aclaims-made basis, which means the policy in force when the claim is reportedis the one that pays. Everything else in the stack protects the business aroundthe practice rather than the practice itself.
General liability andcommercial property usually arrive bundled in a business owner's policy, orBOP. Most office leases require the general liability piece before you getkeys. Business income coverage, often included in the BOP, replaces operatingcash when a covered event closes the office, and it deserves more attentionthan it gets because law firm cashflow rarely carries months of slack.
The employment side has twocomponents. Workers' compensation is required by law inevery state except Texas once you have employees, and employment practicesliability (EPLI) covers discrimination, harassment, wrongful termination, andretaliation claims, which become a live exposure the day you hire your firstW-2 employee. Group health, dental, and vision sit outside risk transfer butland on the same financial statements, and firms averaging 50 or more full-timeequivalent employees take on coverage obligations under the IRSemployer shared responsibility provisions.
Three more policies enter atspecific triggers. Hired and non-owned auto coverage matters as soon as anyonedrives a personal car to court or client meetings, because personal autopolicies exclude business use. Crime coverage, including employee dishonestyand social engineering, becomes a priority for any firm holding client trustfunds or advancing case costs. Directors and officers coverage joins theconversation for firms with outside investors, MSO structures, or formalboards.
Law Firm Insurance Limits by Firm Size
The matrix below shows ourrecommended starting ranges by firm size. Calibrate upward for practice arearisk, client contract requirements, trust account balances, geographicexposure, and the personal assets of the partners. Limits are shown as per claim/ aggregate where that convention applies.
Coverage
Solo / micro (1-2 attorneys)
Small firm (3-10)
Mid-size (11-50)
Large (50+)
Notes
Lawyers professional liability (LPL)
$250K/$500K minimum; $500K/$1M preferred
$1M/$1M to $1M/$3M
$2M/$4M to $5M/$10M
$5M/$10M to $25M+ with excess layers
Raise for PI, mass tort, securities, IP, real estate, trusts and estates
General liability (in a BOP)
$1M per occurrence / $2M aggregate
$1M/$2M
$1M/$2M plus umbrella
$1M/$2M plus umbrella
Required by most office leases
Commercial property (in a BOP)
Contents at replacement value
Contents at replacement value
Full replacement plus tenant improvements
Full replacement plus tenant improvements
Higher if the firm owns its building
Business income
6-12 months of operating expenses
12 months
12-18 months
18-24 months
Critical for single-office firms
Cyber liability (first and third party)
$500K-$1M
$1M-$3M
$3M-$5M
$5M-$25M+
Scale with client PII volume; buy standalone
Employment practices (EPLI)
$500K-$1M once staffed
$1M/$1M
$2M/$2M to $5M/$5M
$5M-$10M+
Live exposure with any W-2 employee
Workers' compensation
Statutory
Statutory plus employer's liability $500K
Statutory plus $1M
Statutory plus $1M
Required in every state except Texas
Commercial auto / hired and non-owned auto (HNOA)
HNOA $500K-$1M
HNOA $1M
$1M auto plus HNOA
$1M auto plus HNOA and umbrella
Personal auto policies exclude business use
Umbrella / excess liability
Optional $1M
$1M-$2M
$5M-$10M
$10M-$50M+
Does not extend LPL
D&O / management liability
Generally not needed
$1M-$2M with formal governance
$2M-$5M
$5M-$25M
Outside investors, MSO structures, formal boards
Crime / employee dishonesty / social engineering
$100K-$250K
$250K-$500K
$500K-$1M
$1M-$5M
Priority for trust funds and case cost advances
Key person / buy-sell life and disability
Income replacement for the owner
$500K-$2M per partner
$2M-$10M per partner plus key person
$10M+ on rainmakers
Funds buy-sell agreements; covers revenue concentration
Two structural notes on the table. The umbrella rowsits over general liability, auto, and employer's liability only; it does notextend malpractice limits, so firms that need more LPL capacity buy a separateexcess LPL layer. And some state bars attach fidelity bond requirements tofirms holding client trust funds, so confirm the trust account rule in yourjurisdiction before assuming crime coverage alone satisfies it.
Is Malpractice Insurance Required for Lawyers?
Only Oregon and Idaho requirelawyers in private practice to carry malpractice insurance. Oregon providescoverage through its state bar's Professional Liability Fund, and Idahorequires at least $100,000 per occurrence and $300,000 aggregate. Most otherstates require attorneys to disclose their coverage status to the bar or toclients.
Oregon has run the mandatorymodel since the 1970s. Every Oregon licensee in private practice buys coveragethrough the ProfessionalLiability Fund, which provides $300,000 in aggregate limits plus a $75,000claims expense allowance at a 2026 assessment of $3,500 per licensee. Idahotook the open-market route in 2018, requiring attorneys to buy at least $100,000per occurrence and $300,000 aggregate from a commercial carrier as acondition of licensure.
Everywhere else, the mechanismis disclosure rather than mandate. At least 27states have adopted some form of insurance disclosure requirement, eitheron annual bar registration statements or directly to clients, according to ABAStanding Committee on Client Protection data. Going without coverage is legalin most jurisdictions, but it is visible.
The compliance questionundersells the exposure. Plaintiff personal injury work has consistently rankedamong the most frequently claimed practice areas in the ABA's quadrennial Profile ofLegal Malpractice Claims, and defense costs accrue even when the underlyingclaim fails. Priced against those odds, malpractice insurance for lawyersfunctions less like an option and more like a cost of licensure. Theclaims-made structure adds a discipline requirement: keep coverage continuous,because a lapse can erase protection for every prior year of work, and buy tailcoverage, an extended reporting endorsement, when the firm dissolves or anattorney departs.
How Much Does Law Firm Insurance Cost?
A typical attorney pays $2,500to $3,500 per year for lawyers professional liability coverage at commonlyaccepted limits. Beyond malpractice, published carrier data puts average lawfirm costs near $350 per year for general liability, roughly $620 for workers'compensation, and about $2,100 for cyber liability.
The malpractice line has thewidest spread. ALPSputs the per-attorney range at $500 for a new attorney with no prior actsup to $6,500 for higher-risk practice areas with years of retroactive coverage,with $2,500 to $3,500 as the typical band. First-year pricing runs low bydesign: carriers use step rating, which raises the premium each year forroughly the first five to seven years as prior-acts exposure accumulates, sobudget to the mature rate rather than the introductory one.
At the firm level, malpracticecoverage for a firm of two to ten attorneys generally runs $5,000 to $20,000per year, and firms above ten attorneys commonly pay $20,000 to $100,000 ormore depending on practice mix, limits, and claims history. Practice area isthe single biggest variable, followed by location, deductible, and revenue.
The rest of the stack costsless but adds up. Insureon'spublished figures for lawyers average $29 per month for general liability,$57 per month for a BOP, $52 per month for workers' compensation, and $175 permonth for cyber coverage. Add every line together at renewal and evaluate thetotal cost of risk against revenue, the same way you would evaluate any otheroperating category.
Cyber Insurance for Law Firms: The LPL Rider Is Not Enough
Law firms concentrate exactlywhat attackers want: client identities, financial records, deal information,and standing instructions to move money. In the ABA's 2023Legal Technology Survey, 29% of responding attorneys reported that theirfirm had experienced a security breach at some point, and another 19% could notsay whether it had. IBM's Costof a Data Breach Report puts the average cost of a US breach at $10.22million, a figure that includes detection, notification, lost business, andregulatory response.
Many firms believe they alreadyhave cyber coverage because their LPL policy includes an endorsement. Thatendorsement is usually capped at $25,000 to $50,000, which does not coverforensic investigation, client notification, credit monitoring, business interruption,and ransom response at real-world scale. A standalone policy with bothfirst-party coverage for your own losses and third-party coverage for claimsfrom affected clients is the working standard.
Buy it before the incident, andexpect the application to function as a security audit. Carriers now conditionpricing and renewal on multi-factor authentication, endpoint detection andresponse, a documented incident response plan, and security awareness training.Firms missing those controls face higher premiums or a declined renewal.
One gap deserves specificattention from any firm managing client trust accounts: fraudulent wireinstructions. Losses from social engineering often fall under the crime policyrather than the cyber policy, and sublimits vary widely, so confirm in writingwhich policy responds to an email-initiated fraudulent transfer and at whatlimit. Accurate IOLTAtrust accounting and dual controls on disbursements reduce the odds youever test that coverage, and they protect the firm's standing with clients andthe bar.
Which Practice Areas Need Higher Law Firm Insurance Limits?
Personal injury, mass tort,real estate, securities, IP, and trusts and estates work carry the highestmalpractice exposure, so law firm insurance limits should scale up when thosematters make up most of the caseload. Criminal defense, immigration, and familylaw generally support minimum-tier limits at equivalent headcount.
Contingency practicesconcentrate risk in ways hourly firms do not. Case values are large, misseddeadlines are unforgiving, and the firm's own balance sheet carries advancedclient costs that grow with the docket. When contingency injury or masstort work leads the caseload, we recommend pushing LPL to $5 million or moreand raising crime and social engineering limits to $1 million or more, becausethe same account that pays case expenses is a target for fraudulentdisbursement requests.
Trusts and estates carries adifferent problem: time. Claims often surface years after the work, sometimesafter the responsible attorney has retired, which makes continuous coverage andextended reporting periods more important than raw limits. Real estate,securities, and IP practices have historically paid the highest LPL premiums,and carriers price that history into every renewal.
Lower-risk practice areas earnreal savings. Criminal defense, immigration, and family law firms can typicallydefend minimum-tier limits, and redirecting part of the premium differencetoward standalone cyber coverage is often the better risk trade at those firms'data volumes.
The Insurance Mistakes We See on Law Firm Financials
The most expensive mistake is alapse on a claims-made policy. Because the policy in force when a claim isreported is the one that responds, a gap in coverage can eliminate protectionfor prior years of work, and retroactive coverage to repair the gap is costlywhen it is available at all. Continuous coverage is the discipline that mattersmore than any individual limit.
Three more patterns repeatacross the firms we review. Owners assume the umbrella policy extendsmalpractice limits when it does not. Firms rely on the small cyber endorsementinside the LPL policy well past the point their data volume justifies a standalonepolicy. And firms dissolve, merge, or lose a senior attorney without buyingtail coverage, which leaves the departing work uninsured the day the policyends.
The last pattern is a reportingproblem rather than a coverage problem. Premiums scatter across the financialstatements, some in occupancy, some in payroll costs, some in general overhead,so nobody sees the total cost of risk in one place. Controller-levelbookkeeping consolidates those lines, which turns renewal season into asingle decision: this is what the firm pays to transfer risk, and this is whatthat number should buy. Reviewed annually next to the Critical Four, theinsurance stack stops being a pile of invoices and becomes a managed line.
Where This Fits in Your Financial Plan
Three takeaways. Insurance forlaw firms is a stack sized to headcount and practice mix, not a singlemalpractice policy. Limits should scale with the risk actually on the books,especially for contingency and trust-heavy practices. And the claims-made structurerewards continuity, so treat renewal as a planning event, not an invoice.
We currently support more than120 law firms, and our fractionalCFO teams put the total cost of risk on the planning calendar next torevenue, margin, and cash. If you want a second set of eyes on your coveragestack before your next renewal, schedule aconsultation with Law FirmVelocity.
Frequently Asked Questions
Do lawyers need malpractice insurance if their statedoes not require it?
As a practical matter, yes.Only Oregon and Idaho mandate coverage, but at least 27 states requireattorneys to disclose their coverage status to the bar or to clients, so goingwithout is visible to the people deciding whether to hire you. Claim frequencydata from the ABA's Profile of Legal Malpractice Claims shows exposure acrossevery practice area, and defense costs accrue even when claims fail.
What does a business owner's policy (BOP) cover for alaw firm?
A BOP bundles generalliability, commercial property, and usually business income coverage into onepolicy. For law firms, Insureon reports an average BOP cost of $57 per month at$1 million per occurrence and $2 million aggregate limits. It does not includemalpractice, cyber, workers' compensation, or employment practices coverage,which are purchased separately.
Does an umbrella policy cover legal malpracticeclaims?
No. A commercial umbrella sitsover general liability, commercial auto, and employer's liability, and it doesnot extend lawyers professional liability limits. Firms that need moremalpractice capacity buy a separate excess LPL layer above the primary policy.
What is tail coverage and when does a law firm needit?
Tail coverage, formally anextended reporting period or ERP, lets a firm report claims after a claims-madepolicy ends for work performed while the policy was in force. The ABA StandingCommittee on Lawyers' Professional Liability recommends it when a firm closes,merges, or changes carriers, and when an attorney retires or departs. Withoutit, prior work goes unprotected the day the policy expires.
How much cyber insurance does a law firm need?
Solo and micro firms shouldcarry $500,000 to $1 million in standalone cyber limits, small firms $1 millionto $3 million, and mid-size firms $3 million to $5 million or more. The driveris the volume of client personal information and funds movement the firmhandles. With the average US breach costing $10.22 million per IBM's Cost of aData Breach Report, the small endorsement inside a malpractice policy is not asubstitute.

