Aon  |  Professional Services Practice
Cyber Insurance for Law Firms

In an ever changing legal landscape, a firm’s threat to a cyber-breach is becoming a constant reality. Cyber criminals are no longer just targeting large Fortune 100 companies; they are specifically targeting the legal and professional services sector with increasing frequency.

Cyber breach has the ability to negatively impact a firm in a variety of ways. Criminals have the ability to hold a firm hostage from their own systems, disrupt day to day business activities, access employee’s personal identifiable information, or even access sensitive client data.

Aon’s Professional Services practice understands the specifics of a law firm’s exposure to such liabilities. Being a dedicated group of insurance professionals who specifically work with law firms, we have constructed a proprietary product for law firms that accurately addresses first and third party liabilities, while including valuable pre and post loss services at no additional cost.

“We thought all cyber policies were the same, after our loss we quickly realized that a cyber-policy is only as good as the terms and conditions of coverage provided and the depth of the services included at no additional cost.”

Proprietary Cyber Product

Aon has built a proprietary cyber product that includes the following highlights:

Seamless coverage interaction with the firm’s Lawyer’s Professional policy – being the world’s largest insurance brokerage for law firms, we understand how a cyber-breach would affect both your cyber policy and professional program. Our product provides for lower retention on first party coverages as well as clarifying language for both policies.

Automatically includes a suite of pre and post loss services from industry leading professionals, including:

Pre Loss

  • 2 hour consultation and on-boarding call with counsel, who specialize in cyber loss.
  • Consultation will walk through a claims process, consult on vendor selection, and answer any questions.
  • Access to a suite of online training modules, compliance narratives, and manuals.
  • Free Shunning Device – automatically blocks known IP addresses associated with cybercrimes, reducing your chance of a loss.

Post Loss

  • Breach Coach – full availability of a dedicated breach coach to consult with, under the privilege of counsel in the event of a breach.
  • Forensic Investigation – coverage for and referral of industry leading companies who properly investigate the source and depth of a breach.
  • Remediation – included security consulting, reconstruction of data, and reinstatement of software.
  • Crisis Response – referral of specialists and coverage for public relations, client communication consultants, and a crisis fund.
  • Regulatory Action – legal advice on navigating regulatory requirements post breach, including coverage for awards, fines and penalties, and defense costs.
  • Notification – coverage for and consultation with specialists who understand costs and procedures related to relevant credit monitoring and other state and federal requirements when personally identifiable information has been breached.


Aon’s Professional Services practice is the largest broker of cyber for law firms in the world. We have developed a product that has some of the broadest terms and conditions available in the market. We work with over 14 specialized carriers for cyber coverage, and have the ability to place in excess of $100,000,000 in coverage in the US market alone.


With over 150 cyber clients globally we construct and place cyber programs for firms ranging from 25 attorneys up to several of the AM Law 100 firms. Our large law firm client base allows us to aggregate data and provide detailed benchmarking on what limits the firm’s peers are buying.

Recent Law Firm Cyber Incidents

  • The “Panama Papers” – a large international law firm specializing in setting up off-shore corporations had their entire corporate database exfiltrated. 2.6 terabytes of data was released to the International Consortium of Investigative Journalists. Recent news reports suggest that the theft of data was committed by an insider, probably in collusion with outside parties.
  • The “Oleras” list – Crain’s Chicago Business published an article in late March 2016 disclosing a report from a Cyber Security firm that had found “on the dark web” an advertisement from a Ukraine-based hacker called “Oleras”. The advertisement offered a reward to anyone who could provide him with access credentials or any entry point into the servers of 48 named major US law firms, and a share of the profits on any successful trade executed with data stolen as a result.
  • The Wall Street Journal published an article at the end of March 2016 stating that a number of major New York Law Firms (two of which it named) had been hacked. The article did not contain any detail beyond the two names disclosed, but it stated that the FBI and Federal Prosecutors were investigating the matter to establish whether confidential information had been used for insider trading.

To learn more about our Cyber insurance solutions for law firms, please contact Tom Ricketts.

Tom Ricketts
Senior Vice President and Cyber Risk Leader
New York