Captive insurance and a lack of in-depth cybersecurity insurance knowledge can leave some law firms with a rude awakening.