Cyber insurance for a law firm — Chubb for traditional, Hiscox for solo, Coalition for tech-forward. Here's why.
Most law-firm cyber buying gets framed as a carrier beauty contest. The actual question is which firm shape you are, because the three credible carriers split the market by firm size and tech posture — not by price.
The short answer
Three carriers dominate law-firm cyber in 2026, and they split clean by firm shape:
- Chubb — modal pick for mid-to-large traditional firms (roughly 25 attorneys and up). Their Lawyers Professional Liability book gives them the underwriting context other cyber-first carriers lack. AM Best A++ paper clears bank and corporate-client RFP requirements that newer carriers don't.
- Hiscox — modal pick for solo and small firms (1–10 attorneys). Their small-business cyber product is purpose-built for sub-50-employee buyers and is consistently the cheapest credible quote at this end.
- Coalition — modal pick for tech-forward firms — e-discovery-heavy, cloud-native, immigration/IP boutiques running on G-Suite + ClickUp + Slack. Coalition's continuous attack-surface monitoring fits the use case in a way the legacy carriers don't.
Three situations where you'd pick something else:
- You've had a prior cyber claim or remediation incident — Pick Cowbell. They underwrite based on observed risk posture more than claims history, and they're often the only quote you get post-incident.
- You bundle your professional liability and cyber with one carrier — Pick Travelers. Their Wrap+ combines lawyers PL and cyber on one paper, useful for firms whose existing PL is already with Travelers.
- You're a multi-office firm with complex matter-management software — Pick Hartford. Their cyber product is more flexible on declared software and vendor lists than Chubb's standard form.
Regardless of carrier, four things matter more than the headline premium. Detail below.
Why law-firm cyber is structurally different
Law firms sit on three exposures no other vertical combines:
1. Client confidentiality under ABA Model Rule 1.6.
Rule 1.6(c) requires every lawyer to "make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client." A cyber breach at a law firm is therefore not a generic data-loss event: the firm's controls get judged against that reasonable-efforts standard, affected clients are owed notice under the duty to communicate (ABA Formal Opinion 483 sets out the post-breach obligations), and some jurisdictions add bar-reporting expectations on top, all separate from any breach-notification statute. Cyber policies written for SMBs do not contemplate this. Lawyer-specialty policies do.
2. Trust-account (IOLTA) wire fraud.
Solo and small firms hold client money in IOLTA accounts. The single most common loss event for these firms is not ransomware — it is a wire-fraud / business-email-compromise attack against the IOLTA: a fake real-estate-closing instruction, a hijacked client thread, or an impersonated counterparty rerouting settlement funds. Standard cyber policies sub-limit social-engineering fraud aggressively (often \$25K–\$100K) — which is below the typical IOLTA balance at even a small real-estate practice. This sublimit is the single most important coverage to negotiate.
3. Litigation-hold data on the network.
Law firms accumulate enormous quantities of opposing-party, third-party, and privileged data through discovery. A breach exposes data that the firm does not own and was holding under court order. The downstream liability — to the actual data subjects, to the producing parties, to opposing counsel — is materially different from a normal data-breach scenario. Carriers without lawyers-specialty experience model this wrong.
Why Chubb is the default for traditional mid-to-large firms
Three reasons Chubb has held the mid-to-large law-firm cyber market:
1. Adjacent Lawyers Professional Liability presence. Chubb has been writing Lawyers PL for decades. When the firm already has its PL with Chubb (very common at this size), cyber bundling on the same paper avoids coordination-of-coverage friction in a claim. This compounds — most mid-market firms end up at Chubb for cyber via the existing PL relationship, not via competitive cyber RFP.
2. AM Best A++ financial strength. Banking clients, corporate-counsel-driven RFPs, and government contracts increasingly require the firm's cyber carrier to hold a top-tier financial-strength rating. Coalition (rated through reinsurance with Swiss Re Corporate Solutions and Argo), Cowbell (Markel-backed), and other insurtech-style carriers can clear most rating thresholds but not all. Chubb's A++ never fails the procurement gate.
3. Dedicated lawyers cyber endorsement. Chubb's standard cyber form has a lawyers-specific endorsement covering the Rule 1.6 reporting obligation, the trust-account-fraud sublimit at higher limits than the SMB book, and litigation-hold data as covered "information." That endorsement is the single biggest substantive difference between a lawyers-aware policy and a generic one.
Why Hiscox is the default for solo and small firms
For firms under ~10 attorneys, the Chubb minimum premium is hard to justify against the actual exposure, and the underwriting friction is heavy for a buyer who wants a quote in 48 hours.
Hiscox runs a small-business cyber product purpose-built for the 1–50-employee buyer. Three reasons it wins this segment:
- Direct, fast, quote-online underwriting. Many solos buy without a broker. Hiscox's process accommodates this; most carrier-direct cyber quotes do not.
- Cyber + Errors and Omissions packaged. Hiscox can bundle small-firm professional liability and cyber, which simplifies renewal and reduces total premium.
- Competitive pricing at the small end. At the 1–5-attorney level, Hiscox is consistently the cheapest credible quote, often by a meaningful margin.
The constraint: Hiscox is less competitive past ~10 attorneys. Above that size, the underwriting questionnaire and limit ceiling start to bind, and you should re-quote against Chubb and a specialty broker.
Why Coalition is the default for tech-forward firms
A "tech-forward" law firm — defined here as a firm whose primary infrastructure is cloud (no on-prem file server, no Citrix), whose matter management is a modern SaaS (Clio, MyCase, PracticePanther, or similar), and whose attorneys use modern productivity tools (Notion, Slack, Linear) — is structurally well-suited to Coalition's underwriting.
Three reasons:
- Continuous attack-surface monitoring. Coalition runs external scans on the firm's web-facing footprint as part of pre-bind and continuously after. For a cloud-native firm this is more useful than a one-time questionnaire, and the carrier prices to what the scan finds. Run your own external check before quoting: an exposed remote-access service, an unpatched edge appliance or a missing DMARC record on the firm's mail domain is the kind of finding that shows up in the price or as a pre-bind condition.
- Fast, broker-light buying motion. A modern boutique often does not have a long-standing relationship with a Lawyers PL broker. Coalition quotes are accessible via Embroker, Vouch, and similar tech-aware brokers who already serve the firm's adjacent insurance lines.
- Tooling alignment with how the firm operates. Coalition's claims handling, dashboards, and incident-response coordination are built for SaaS-native buyers. Older carriers' equivalents are not.
The constraint: Coalition is weaker at the BigLaw / banking-client end where AM Best rating gates matter, and weaker at the solo-IOLTA end where price compression and bundled PL dominate.
Law-firm-specific things to negotiate
Four sublimits and clauses matter more than the headline premium. None of them are visible on the binder summary — you have to pull the policy form.
1. Social-engineering / wire-fraud sublimit (especially for IOLTA-holding firms).
The single most common law-firm cyber loss is a wire-fraud attack against an IOLTA or a closing escrow. Most carrier base forms sub-limit social-engineering fraud at \$25K–\$100K. For a firm with active real-estate, trust-administration, or settlement-funds practices, push for a sublimit matching the typical funds balance, often \$250K–\$1M. Chubb and Travelers will quote this up; Coalition can; Hiscox at small-firm limits often cannot. Read the conditions attached to the sublimit as closely as the number: many forms pay a social-engineering loss only if the firm verified the payment-instruction change out of band (a call-back to a number already on file, never one supplied in the email), so the coverage is only as good as the procedure your staff actually follow.
2. Rule 1.6 reporting and bar-investigation coverage.
When you self-report a breach to the state bar, defense of any resulting investigation should be covered as regulatory defense — not excluded as a "voluntary disclosure." Specifically request this clause. Lawyers-specialty endorsements have it; standard SMB forms often do not.
3. Third-party data and litigation-hold coverage.
Confirm that "Information" or "Covered Data" in the policy form includes data the firm holds under discovery or court order, not only data the firm has a direct relationship to. This is the difference between coverage that responds to a real law-firm breach and coverage that argues about whether it applies to one.
4. Ransomware extortion payment authorization.
Exclusions for payments to OFAC-sanctioned entities have been standard for several years (the Treasury advisory on ransomware payments dates from 2020), but the operational question is who can authorize a payment and how fast. For a small firm where downtime closes the practice, a slow authorization chain costs more than the payment decision itself. Confirm the breach-coach panel, the authorization decision chain, and the practical SLA before binding, and confirm that panel forensics are engaged through counsel so the investigation record has the best chance of staying privileged.
What to do — in order
- Identify your firm shape. Solo/small (1–10 attorneys), mid-traditional (25–250), tech-forward boutique, or BigLaw (250+, which has its own buying motion outside this guide). A 10–25-attorney firm sits between the Hiscox and Chubb sweet spots and should quote both ways. This determines which two or three carriers to quote.
- Quote at least three carriers. Even at the small end, get Hiscox plus two of Coalition / Cowbell / Travelers. The spread between quotes is real.
- Use a lawyers-aware broker for mid and large firms. USI, Marsh, Aon, and Lockton all have lawyers-specialty practices. Their carrier panels are calibrated for the Rule 1.6 / IOLTA / litigation-hold exposure stack. Generic small-business brokers are not.
- Pull the policy form before binding. The four clauses above are policy-form questions, not quote-summary questions. The quote summary will not tell you whether your Rule 1.6 reporting is covered.
- Re-quote annually. Cyber pricing shifts faster than most commercial lines, so multi-year deals usually aren't worth the rate lock.
Adjacent reading
- Best cyber insurance for a fintech startup — Coalition-modal market with parallel sublimit considerations
- Best cyber insurance for a SaaS startup — broader tech-buyer framing
- Best cyber insurance for a healthcare practice — adjacent professional-regulated vertical
- Best E&O insurance for a software developer — separate but commonly-paired professional liability
- Coalition — vendor card
- At-Bay — vendor card
Frequently asked
Is cyber insurance required for law firms?
No US state currently requires it by statute. Some state bars (notably NY and CA) have ethics opinions strongly recommending it. The practical answer is yes — Rule 1.6(c) makes a breach a presumptive professional-conduct issue, and cyber insurance funds the response. Many corporate clients also now require their outside counsel to carry a stated minimum cyber limit in the engagement letter.
How much cyber coverage does a law firm need?
Limits scale with firm size and matter sensitivity. A 1–5-attorney general practice typically buys \$1M; a 10–50-attorney firm \$3M–\$5M; a 50+-attorney firm \$5M–\$25M. Firms with material IOLTA balances or significant litigation-hold data should buy higher limits than a generic per-attorney rule of thumb suggests.
Does my Lawyers Professional Liability policy already cover cyber?
Probably not, in any meaningful way. Some lawyers PL policies include a small cyber endorsement (often \$50K–\$250K), which is not enough. PL covers professional-services errors; cyber covers data-breach response, business interruption, ransomware, and third-party liability. They are separate exposures requiring separate limits.
What's the difference between Chubb's lawyers cyber endorsement and a standard cyber policy?
Three things: (1) the Rule 1.6 reporting / bar-investigation coverage as regulatory defense, (2) materially higher social-engineering / wire-fraud sublimits matching IOLTA-scale balances, and (3) explicit treatment of litigation-hold and third-party data as covered information. These are policy-form differences, not pricing differences.
Will my firm fail to qualify for cyber insurance?
Declinations are increasingly common at the small end. Carriers now require MFA on email and remote access, endpoint detection and response, backups that are offline or immutable and have been restore-tested, and a written incident-response plan. Firms without these are quoted at materially higher prices or declined. Cowbell is the most flexible of the credible carriers for sub-optimal posture.
Should I pay ransomware demands?
This is a question for the breach coach and the carrier, not a question for the firm. The decision involves OFAC-sanction screening, operational impact, data-decryption probability, and the carrier's payment-coverage position. Pre-binding, the question to answer is how fast the carrier's panel can convene that decision — operational SLA matters more than the abstract policy position.
Sources
- ABA Model Rule 1.6 — Confidentiality of Information — American Bar Association
- ABA TechReport — annual legal-tech and cybersecurity survey — American Bar Association
- Chubb — Lawyers Professional Liability product page — Chubb
- Hiscox — Cyber and data risk insurance product page — Hiscox
- Coalition — homepage and product references — Coalition