Trust Your Systems

I just got back from playing a round of golf, and while I had a great time thanks to my playing partner, my actual game was pretty lousy. Like most golfers, on the drive home I caught myself thinking: maybe it’s time for a new putter, a different set of clubs, or a new brand of golf balls.

But then it hit me — my clubs didn’t suddenly get worse in the past two weeks. My golf balls didn’t change. And my putter didn’t lose its magic. The truth was simple: it wasn’t the equipment, it was me.

My tempo was off. I was swinging too fast. I wasn’t focused. And that got me thinking: the same thing happens in business — especially in law firms.

The “Equipment” Problem in Law Firms

When something goes wrong in a firm — a missed statute of limitations, a conflict of interest issue, or a client complaint — our first instinct is often to blame the system.

  • “The calendaring program let us down.”
  • “The conflict checker didn’t catch it.”
  • “We need a better case management tool.”

That knee-jerk reaction leads many attorneys to shop for the “latest and greatest” software. But just like with golf, buying new equipment doesn’t always solve the problem.

It’s Not the Tools, It’s the Process

Before rushing out to invest in new programs, it’s worth asking: Are we using the systems we already have, properly and consistently?

A few examples to consider:

  • Calendaring systems: Are you and your staff updating them daily without fail?
  • Conflict of interest checks: Are all clients, former clients, and ownership interests properly logged?
  • Client documentation: Are you recording every conversation, every update, in the system right away — or are you telling yourself you’ll “do it later” and never getting back to it?

When these steps slip, it’s not the software that failed. It’s the process.

A Weekly (or Bi-Weekly) Check-In

The fix isn’t shiny new tools. It’s discipline. Take a few minutes each week — or at least every two weeks — to sit down with your team and review:

  • Are we updating systems the way we should?
  • Are we putting in accurate, complete information?
  • Are we letting bad habits slide?

Your systems are only as good as the information you feed into them. If you don’t use them consistently, even the most expensive software won’t save you.

Back to the Golf Course

Golf taught me this: you don’t need a brand-new set of clubs every time you have a bad round. You need to slow down, adjust your swing, and focus on the fundamentals.

In the same way, law firms don’t always need new programs when mistakes happen. They need to look inward, review processes, and make sure the team is disciplined in using the systems already in place.

Remember: success isn’t about the latest equipment — it’s about how you use it.

Real-Life Cyber Claim Examples With Don Ivol

Lawyers often ask for proof that cyber events and data mistakes really hit small firms—and what those losses look like in dollars. Below are two real-world claim scenarios to help you see how quickly costs add up and which safeguards (and coverages) matter most.

#1: Shared Office, Shared IT… Total Data Loss

The setup:


A three-lawyer firm subleased space from a larger firm and piggy-backed on the larger firm’s IT. To “separate” data, the small firm was given its own file server (originally used for email).

What went wrong:


The larger firm’s IT admin backed up email, formatted the shared server, and reinstalled software—but forgot to back up the small firm’s files. Result: complete data loss and an operational shutdown while the firm tried to rebuild.

Documented impact:

  • Data restoration expenses: $23,000
  • Lost billable hours: roughly $98,900 (about “$99k” in the narrative)

Why this matters:


Not every disaster is a hacker. Plain old human error and poor segregation of systems can be just as destructive.

How to prevent this (practical steps):

  • Own your backups (don’t rely solely on a landlord’s/host firm’s IT). Use a 3-2-1 backup strategy and test restores.
  • Put clear, written data-segregation and change-management terms in your office/IT agreement.
  • Keep off-network backups (immutable/cloud snapshots) and run recovery drills twice a year.
  • Maintain a simple RPO/RTO target (how much data you can afford to lose/how fast you must be back).

Where insurance can help (policy-dependent):
Cyber policies with data restoration and business interruption coverage can respond to accidental data loss; some tech E&O or malpractice policies may also come into play depending on facts. Terms vary—review your policy.

#2: Cloud Downgrade → Confidential Case Exposed

The setup:


A firm used a cloud storage provider with two tiers: free and premium. The premium tier kept data private; the free tier made content searchable/downloadable by others.

What went wrong:


The firm missed the renewal. The account reverted to the free tier, quietly exposing the firm’s files online for months. During that window, third parties downloaded details of a sensitive whistleblower matter.

Documented impact (one case):

  • Notification costs: $27,000
  • Defense expenses: $35,000
  • Damages: $2,150,000
  • Fines & penalties: $120,000
  • (Additional client lawsuits were pending and not included in these totals.)

Why this matters:


Most breaches aren’t Hollywood hacks—they’re misconfigurations, missed renewals, or lax vendor settings.

How to prevent this (practical steps):

  • Use auto-renew with multiple payment methods and billing alerts for critical SaaS tools.
  • Enforce least-privilege access, MFA, and default private sharing settings; require approvals for any public link.
  • Turn on configuration monitoring and data-loss prevention (DLP) alerts for exposure of sensitive matter names/IDs.
  • Keep a data map: what you store, where it lives, who can access it, and how long you keep it.

Where insurance can help (policy-dependent):


Cyber policies commonly address privacy liability, regulatory investigations (where insurable), breach response (forensics, notifications, PR), and defense. Coverage for fines/penalties depends on jurisdiction and policy language. Some professional liability (LPL) policies may also respond to alleged ethical violations—review both with your broker.

What These Stories Prove

  • It’s not just “hackers.” Human error and billing lapses can trigger seven-figure exposure.
  • Shared or “free” is risky. If you don’t control the system, you don’t control the risk.
  • Time is money. Even “small” incidents bleed billable hours and momentum.

Insurance is a backstop, not a substitute for sound IT practices.

10-Point Cyber Hygiene Checklist for Small & Mid-Size Firms

  1. 3-2-1 backups with quarterly restore tests
  2. Vendor billing safeguards (auto-pay + backup card + calendar reminders)
  3. MFA everywhere (email, practice management, cloud storage, VPN)
  4. Least-privilege access and quarterly access reviews
  5. Encrypted, private-by-default cloud repositories; ban public links
  6. Patch/update cadence for OS, apps, and network devices
  7. Incident Response Plan with breach-coach contact and a tabletop twice a year
  8. Data map & retention policy (limit what you store; purge on schedule)
  9. Security awareness training (phishing, sharing, and file-handling)
  10. Annual policy review (cyber + LPL) to close obvious gaps

These aren’t edge cases—they’re everyday risks for modern law practices. A few process tweaks plus the right blend of cyber and malpractice coverage can be the difference between an expensive lesson and a swiftly managed incident.

If They Can Breach an Insurance Giant, What’s Stopping Them from Hitting Your Law Firm?

I recently read something eye-opening in an insurance journal — a reminder that cybercrime isn’t just evolving, it’s organizing.

There are now cybercriminal groups that no longer just pick off random companies with weak cybersecurity. Instead, they target entire industries, strategically identifying and exploiting vulnerabilities across the sector. 

One such group is known as Scattered Spider, and their newest target? The insurance industry.

In recent months alone, major players like Philadelphia Insurance Company, Erie Insurance, and Aflac have been hit with significant cyberattacks. These breaches not only disrupted their operations, but in Erie’s case, have already led to multiple class action lawsuits.

Let’s think about that…

These are companies that:

  • Handle sensitive data every day
  • Have risk management baked into their company DNA
  • Invest hundreds of thousands of dollars (if not millions) into cybersecurity infrastructure

… and they still got breached.

So here’s the question every law firm should be asking:

If these highly protected insurance companies aren’t safe, what makes you think your firm is?

The Ugly Truth – Law Firms Are Prime Targets

You might be thinking, “We’re a law firm — not an insurance company. Why would hackers bother with us?”

Here’s why:

  • You store the same type of sensitive data: personal information, financial records, privileged communications.
  • You likely don’t have the same kind of IT budget or internal safeguards that large insurers do.
  • And from a hacker’s perspective, that makes you low-hanging fruit.

Whether you’re a solo practitioner in Pittsburgh or part of a mid-sized firm in Cleveland, you’re exposed — and attackers know it.

The Smart Next Step For Your Firm: Cyber Liability Insurance

Even if you have antivirus software, firewalls, and employee training in place (and you should), there’s another essential layer of protection… 

A tailored cyber liability insurance policy.

This isn’t just about protecting your firm — it’s about protecting your clients and your reputation. A single breach can take down your operations, cost tens of thousands in recovery, and damage your trust with clients.

Cyber policies are more affordable than most firms realize, especially compared to the cost of recovering from an attack.

Want to Learn More?

I go deeper into these risks and solutions in my book, Game Over? Not Today! 

It’s written specifically for professionals like you — attorneys, advisors, and business owners who want to understand the threat landscape and take action before it’s too late.

Pick up my free book today here -> https://bit.ly/INF-Game-Over-Not-Today 

Stop procrastinating. Protect your firm, your data, and your clients.

If you’re in Pennsylvania or Ohio and want to explore your cyber coverage options, I’d be happy to help.

I’m Don Ivol — your insurance guy.

Game Over? Not Today — Why Every Business Needs to Read This Free Cyber Insurance Book

We recently published a brand-new book titled Game Over! Not Today, and the best part? It’s absolutely free. This guide is designed to help business owners like you understand the ins and outs of cyber liability insurance and, more importantly, how to protect your business from the growing threats in today’s digital landscape.

Why You Should Download It

Cyber threats aren’t just a big-business problem anymore. Small and mid-sized businesses are increasingly being targeted by hackers, and unfortunately, many are caught unprepared. That’s exactly why we wrote this book—to demystify cyber insurance and give you the tools and knowledge to confidently face these challenges.

Every chapter in this book offers valuable insights, but there are two chapters I really want you to pay close attention to: Chapter 6 and Chapter 8. These contain immediate, actionable advice that could make all the difference if your business ever experiences a cyber event.

🔐 Chapter 6: Building a Strong Incident Reporting Process

When a cyberattack happens, chaos can follow—unless you have a plan. Chapter 6 walks you through exactly how to build a strong incident reporting process, so you’re not left scrambling in the heat of the moment.

Inside, you’ll learn:

  • Who you need to contact (with phone numbers and email addresses already laid out)
  • What your immediate next steps should be
  • How to document and report the incident to your insurance carrier
  • What details are critical to have on hand before something goes wrong

This chapter ensures that when you’re hit with a cyber event, you’re not asking, “What do I do now?”—because you’ll already know.

👥 Chapter 8: The Importance of Employee Education

Your employees are your first line of defense, and Chapter 8 dives deep into why education and engagement are critical. A team that understands what a cyberattack looks like—and feels confident raising their hand when something seems off—can prevent a bad situation from getting worse.

You’ll discover:

  • How to create a team-oriented cyber-safe culture
  • What to include in your employee training
  • Why employee involvement in your cyber response procedures is non-negotiable

From phishing emails to ransomware, your team needs to know what to look for and how to act fast—and this chapter gives you the playbook to make that happen.

Your Next Step: Download the Book

If you’ve ever felt unsure about cyber liability insurance or what steps to take if your business is attacked, this book is for you. It’s practical, straightforward, and best of all, it’s free.

📘 [Click here to download Game Over? Not Today now!] 

Get My New Book on Cyber Liability Insurance – Absolutely Free!

I’ve been working hard behind the scenes, and I’m thrilled to finally share some exciting news — I’ve completed my book on cyber liability insurance, and I want you to have it for free!

The book, titled Game Over, Not Today, is designed to be your roadmap for preparing your office to defend against cyber threats, while also demystifying the coverages found in a typical cyber liability policy.

Through the experiences of two fictional small businesses — Legal Eagles LLC and Helping Hands Chiropractic Corp. — you’ll follow their journeys navigating the cyber landscape using smart risk management practices and the right insurance coverage. I’ve included real-world examples and simple, effective explanations of policy terms and definitions to make even the most complex topics easy to understand. Whether you’re just starting out or looking to strengthen your current protections, this book will help you upgrade your cyber defense strategy.

Why did I write this book?


One of the most common questions I hear from clients and prospects is, “I don’t even know what cyber liability is — why would I need to insure against it or implement cybersecurity systems?” This book answers that question and many others. It was written with the goal of helping you better understand the cyber risks your business faces every day, and why taking action now is so important.

Here’s what you’ll get from the book:

  • A clear understanding of cyber liability insurance
  • Real-life solutions to common cyber exposures
  • Practical steps to enhance your office’s cybersecurity
  • Peace of mind — and it won’t cost you a dime!

In fact, by applying the strategies outlined in the book, you could end up saving money by reducing the likelihood of a cyber claim in your business.

Getting your free copy of “Game Over, Not Today” is easy. 

Click here to download the book now!

Don’t miss out on this opportunity to strengthen your business against today’s growing cyber threats. It’s a quick, valuable read that could make all the difference!

Beware the Phishing Scams: Staying Vigilant in the Digital Age

In today’s digital age, phishing schemes have become rampant, with scammers becoming increasingly sophisticated in their tactics. These malicious activities pose significant risks, including financial loss and identity theft. Understanding how these scams operate and knowing how to protect yourself is crucial in safeguarding your personal information.

How Phishing Schemes Operate

Phishing scams typically involve fraudulent emails that appear to come from legitimate sources. These emails often contain urgent messages designed to trick recipients into providing sensitive information such as social security numbers, credit card details, and login credentials. Common tactics include:

  • Impersonating Trusted Entities: Scammers often masquerade as banks, credit unions, internet service providers, or even government agencies. They create emails that look convincingly real and request verification of personal details.
  • Creating a Sense of Urgency: Many phishing emails claim that immediate action is needed, such as verifying account details to avoid suspension or confirming payment information due to a system update.
  • Using Familiar Branding: Fraudulent emails often incorporate logos and branding elements from legitimate companies to enhance their credibility.

Potential Risks and Damages

Falling victim to a phishing scheme can have severe consequences, including:

  • Financial Loss: Scammers can quickly rack up charges on your credit cards or drain your bank accounts.
  • Identity Theft: Providing personal information can lead to identity theft, causing long-term damage to your credit and financial standing.
  • Data Breaches: Sharing login credentials can compromise your online accounts, resulting in data breaches and unauthorized access.

Importance of Vigilance

Given the increasing frequency and sophistication of these scams, it’s essential to remain vigilant. Here are some tips to help you identify and avoid phishing schemes:

Tips to Identify and Avoid Scams

  1. Verify the Sender: Always check the sender’s email address carefully. Look for slight misspellings or unusual domain names that may indicate a fraudulent email.
  2. Be Skeptical of Urgent Requests: Be wary of emails that create a sense of urgency or pressure you to act quickly. Take the time to verify the request through official channels.
  3. Avoid Clicking on Links: Do not click on links or download attachments from unknown or suspicious emails. Hover over links to see the actual URL before clicking.
  4. Use Two-Factor Authentication: Enable two-factor authentication (2FA) on your accounts to add an extra layer of security.
  5. Educate Employees: If you manage a team, ensure that your employees are aware of these scams and know how to handle suspicious emails.
  6. Consider Cyber Liability Insurance: Cyber liability insurance can provide coverage in the event of a data breach or cyberattack, helping to mitigate financial losses and recovery costs.

Phishing schemes are a growing threat, but by staying informed and cautious, you can protect yourself and your personal information. Remember to verify email senders, be skeptical of urgent requests, and avoid clicking on suspicious links. Educating yourself and others about these scams is the first step towards safeguarding against potential risks.

Take the time this summer to enjoy some real fishing—the kind that lets you relax and maybe even catch a meal. Stay safe and vigilant online.

I’m Don I, Your Insurance Guy!

Have any questions about the topic discussed in this blog post? Contact us today! 412.563.2106

Personally Identifiable Information (PII) and Its Importance In Protecting Small Firms

In today’s digital age, protecting Personally Identifiable Information (PII) is not just a necessity for large corporations but a critical task for small firms as well. The rise in cyber threats has made PII protection paramount for businesses of all sizes. But what exactly is PII, and why is it so crucial for small firms to safeguard it?

Understanding PII

PII refers to any data that can be used to identify a specific individual. This includes names, addresses, phone numbers, social security numbers, and more. For small firms, this information is often collected from customers, employees, and even business partners. The protection of this data is essential in maintaining trust and ensuring compliance with various regulations.

The Growing Threat of Cyber Attacks

Cyber threats are becoming increasingly sophisticated, and small firms are not immune. In fact, small businesses are often seen as easy targets by cybercriminals due to their sometimes lax security measures. A single breach can lead to significant financial loss, legal repercussions, and a damaged reputation.

Why PII Protection is Crucial for Small Firms

  1. Trust and Reputation: Customers trust businesses with their personal information. A breach can shatter this trust and damage the firm’s reputation.
  2. Compliance: Various regulations require businesses to protect PII. Non-compliance can result in hefty fines and legal issues.
  3. Financial Protection: Data breaches can be costly. Protecting PII helps prevent financial losses associated with cyber attacks.

Engaging and Informative Resources

To illustrate the importance of PII protection, we’ve created a video featuring “Don I, Your Insurance Guy!” Don breaks down complex insurance topics into simple, easy-to-understand segments, making it clear why PII protection is a must for small firms.

Don’s engaging explanations and real-world examples will help you understand the critical steps needed to protect your business from cyber threats.

In summary, PII protection is not just a regulatory requirement but a business imperative. By taking proactive steps to safeguard personal data, small firms can prevent cyber attacks, maintain customer trust, and ensure long-term success. Stay informed, stay protected, and ensure that your business is a fortress against cyber threats.

For more information and detailed guidance, contact us today! Protecting PII is an ongoing effort, and staying vigilant is the key to safeguarding your small firm.

Real-life Cyber Claim Examples: The Importance of Cyber Insurance

It seems as though everyone likes to hear a good war story, and it is no different when it comes to cyber claims. Besides price, it may be the question I hear most: What kind of claims are being filed? Can you give me an example of a claim to show that this is real and I should be buying a policy? So, let’s delve into this topic, and let me tell you about a couple of real-life cyber claim scenarios:

War Story 1: The Case of Accidental Data Loss

A small law firm lost all of their data, including backups, from a shared office space when the IT administrator formatted the hard drive on the office equipment. The firm, which had three lawyers, was operating inside unused space at a larger firm. As part of the arrangement, the smaller firm also used the IT systems of the larger firm.

In an effort to segregate the data of the smaller firm, the larger firm gave them access to their own file server, which was normally used for email only. The server began having issues, so the IT administrator backed up the emails on the server, formatted the hard drive, and reinstalled all the software. Unfortunately, the IT administrator did not remember to back up the data from the smaller firm before formatting the hard drive.

The firm suffered an interruption of operations as a result and incurred significant expense to recover the data manually. In this case, the damages and loss are as follows:

  • Data Restoration Expense: $23,000
  • Loss of Billable Hours: $8,900

War Story 2: The Case of Accidental Data Breach

A law firm handling Qui Tam cases suffered an accidental data breach resulting in legal liability and disciplinary proceedings for alleged ethical violations. The firm used a cloud storage service for all firm data. The cloud storage provider offered two tiers of service to clients, free and premium.

Data in the “free” storage service is searchable and can be downloaded by other customers. The firm neglected to pay their renewal fees for the “premium” service, so the firm’s account reverted to the “free” service and all of the firm’s data was searchable and available online for several months. During that time, numerous parties downloaded the details of a sensitive whistleblower case.

As a result, the firm faced a lawsuit from the former client in the whistleblower case as well as a disciplinary proceeding. Several other suits from other current and former clients are also pending. In this case, the damages and loss are as follows:

  • Notification Expense: $27,000
  • Defense Expense: $305,000
  • Damages: $2,150,000
  • Fines & Penalties: $120,000

Note: pending suits from other clients are not included in loss amounts listed above.

These examples illustrate the real-life implications of not having a robust cyber policy. In today’s digital age, where data breaches and cyber attacks are becoming more common, having a comprehensive cyber insurance policy is not a luxury, but a necessity. It’s time to take a proactive approach to protect your firm and clients from potential cyber threats.

Maximizing Your Cyber Insurance: Understanding the Full Range of Protection

Most of the calls I receive about cyber insurance are for Fraudulent Funds Transfer. This seems to be what the caller is most interested in, and for good reason, especially if your profession is in the area of law, real estate, or title/escrow work. However, the cyber policy is much more than just fraud transfer coverage.

The policies are usually what I consider a program or a suite of coverages made up of first- and third-party benefits and a strong risk management team. Several of the carriers that write cyber insurance will run an analysis of your website and online presence and identify weaknesses and exposures that may lead to a cyber attack or event. The carrier prepares a report that not only identifies the weaknesses but also offers suggestions on how to correct or eliminate the exposure. They will also rank or compare your cyber situation and scan results against other companies of similar size and industry, allowing you to see whether you’re keeping up with others in your industry in keeping your business, your clients and your customers safe from cyber attacks.

Other benefits provided by most cyber policies include:

  • Notification costs: Did you know that the government requires you to notify your customers in the event you have a cyber attack and personal/confidential data is compromised? Think of how many files you have. It won’t be cheap to notify and complete this task.
  • Ransomware: Think you’ll never become a victim of this because your office is too small, and you don’t have or keep large amounts of personal confidential information? Think again. Everyone is a target for this type of claim. A hacker breaks into your computer system and stops your ability to use it or shuts down the entire system unless you pay XX amount of dollars. How long can your office run with no access to your computer system?

Fraudulent transfer of funds, risk management team services, a strong claims team, notification costs and ransomware coverage only scratch the surface of the coverages and benefits provided in most cyber policies. Although you may only have interest in one or two of these, you need to be aware of all the coverages available to you in your cyber policy. Rarely in a cyber claim is only one benefit or coverage part triggered; usually several parts come into play. Don’t short yourself by not knowing all of the coverages and assistance available to you under your policy. Read it, and call your broker and/or the risk management team of the program with your questions.

Cyber Security Challenge Level 4: Always enable multi-factor authentication

Welcome to the Level Up Your Cyber Security in October program, courtesy of Integrity First Corporation.

We’re on level four, the final week, which is enabling multi-factor authentication, or you might know it as two-factor authentication.

Now, in computer security, an authentication factor is anything you use to authenticate yourself with a system. Using a password is the most common type of authentication. With multi-factor authentication (MFA) or two-factor authentication (2FA), you use two or more different factors to log in.

One example is a password and a verification code sent to your smartphone. This is something that’s really common whenever you sign into banks. This is an extra layer of security. So even if one of your factors is stolen, like your password, the hacker doesn’t have access to the other authentication factor like your phone. 

This stops them from accessing your account. As more and more organizations implement multi-factor authentication to strengthen their security practices, you might encounter different types of authentication factors. 

There are three different types you might be asked to provide: something you know, such as passwords and security questions; something you have, such as a verification code on your phone or a key card; or something you are, such as biometrics like your fingerprint or a scan of your face. The more factors you use, the better your security.

Having a combination of authentication factors is an even better way to keep your data protected. 

If you have any questions about any of these levels, please contact Integrity First Corporation for help.