Think You Are Covered? Better Read Your Cybersecurity Policy — Carefully

By Stephen Embry on January 29, 2026

Think your law firm’s cybersecurity insurance has you covered? Think again.

New survey data reveals troubling gaps: only 45% of policies cover ransomware, despite 1 in 5 organizations reporting ransomware incidents.

And 45% of policies can be voided due to inadequate security controls, something many firms only discover after filing a claim.

Law firms need to read their cyber policies with the same scrutiny they’d apply to a client’s contract. Because when (not if) an incident happens, “we thought we were covered” won’t pay the bills.

Here is my Above the Law post.

TechLaw Crossroads is a no-bullshit blog written mainly by me. As Harold Ross, the New Yorker founding Editor said, “Everybody knows the news. Now tell us something about it.” That’s my goal. I am a former lawyer who practiced as a partner with a large law firm for the better part of 30 years. I was a trial lawyer, mostly in mass tort and, later, in data breach, privacy, and cyber insurance areas. I also write for Above the Law.

I am a panelist on LegalTech Week, a weekly roundtable of legal tech journalists where we discuss the most significant legal tech stories of the week.

Je ne regrette rien