$599 + GST Get My Health Check

In about an hour, see exactly where you're exposed, turn your gaps into a prioritised action plan you can track, and get a professional report you can show your insurer, regulator, or clients — no IT knowledge needed.

Your clients trust you with information they wouldn't tell anyone else.

Litigation strategy. Commercial negotiations. Family disputes. Criminal defence matters. The information in your systems is protected by legal professional privilege for good reason—it's extraordinarily sensitive. A data breach doesn't just expose documents; it can destroy privilege, compromise cases, breach confidentiality obligations, and end client relationships built over decades.

Law firms are being held to ransom. Ransomware attacks on legal practices have surged. Criminals know that lawyers will pay to avoid having client matters locked—or worse, leaked. Practices have faced impossible choices: pay the ransom, or watch as privileged client information is published online. The reputational damage alone can be fatal to a firm built on trust and discretion.

Your Law Society and the Privacy Act have real consequences.

Law Societies across Australia now treat cyber security as part of running a competent practice. The Legal Services Commissioner investigates complaints from cyber incidents, and a finding of unsatisfactory professional conduct can suspend or cancel your practising certificate. The Privacy Act adds penalties up to $50 million for failing to protect personal information. "I didn't know" is not a defence.

Your reputation is your practice.

Clients choose lawyers they trust. A cyber incident that exposes client information—even if you're technically a victim—destroys that trust instantly. Word travels fast in legal circles. Referrers stop referring. Corporate clients find new firms. The practice you've spent years building can unravel in weeks. Can you demonstrate you took reasonable steps to protect client information?

Conveyancing fraud is an additional, specific threat.

Beyond ransomware, criminals actively target law firms involved in property transactions. They compromise email accounts, monitor settlements, then send fraudulent payment instructions with altered bank details. Settlement funds vanish—often hundreds of thousands of dollars. Firms have been held liable. Trust accounts have been decimated. This is a daily threat to any practice handling property matters.

Court portals, practice management, document systems—every entry point is a risk.

Think about what's accessible if an attacker compromises one password: court filings, client communications, financial records, matter files going back years. LEAP, SILQ, Actionstep—whatever system you use—needs proper security controls. When did you last check?

This health check is built specifically for legal practices.

Plain-English questions covering the security risks that matter for law firms: privileged information protection, ransomware defences, conveyancing fraud prevention, court portal security, practice management systems, trust account protection, and email security. No technical jargon—designed so any principal or practice manager can complete it.

What you get:

63
Plain-English Questions
Specific to legal practices—no technical knowledge required
Clear Security Score
See exactly where you're protected and where you're exposed
Prioritised Actions
Gaps ranked by risk, then turned into a phased action plan you track to completion
Professional Reports
Comprehensive Word report with scores, recommendations, and improvement plan

What your results look like

Finish in about an hour and you get a clear overall score, a breakdown across every security domain, and every gap turned into a prioritised action plan you can track and export. (Example output.)

Cyber Security Health Check results screen showing an overall score and maturity across Essential, Recommended and Advanced practice levels
Your overall score, plus maturity across Essential, Recommended and Advanced practices.
Domain Maturity Analysis showing a score-by-domain bar chart and a gap risk distribution pie chart
A breakdown across every security domain, with your gaps grouped by risk level.
What You're Doing Well section highlighting the security areas where the business is already strong, with a score and an Excellent rating
It's not just problems — it highlights what you're already doing well, too.
Identified Gaps table listing each gap with time, cost, urgency, risk and priority, plus a plain-English recommendation
Every gap ranked by priority, each with a plain-English recommendation.
Action Register table listing chosen actions with owner, due date and status, plus a Download register Excel button
Turn gaps into a tracked action register — owner, due date, status, export to Excel.

What You Receive

Every assessment generates a comprehensive report. Download a sample below.

Summary Report

Plain-English findings with scores, prioritised improvement plan, risk associations, and resources

Download Sample

Complete it in about 60 minutes. No technical knowledge required. Your data never leaves your device.

Who is this for?

Sole practitioners, small partnerships, and boutique law firms. Principals and practice managers responsible for compliance and risk management. Any legal practice that handles client information and wants to understand their cyber security posture—without needing IT expertise to do it.

AI-Powered

Your Assessment Includes a Personal AI Security Advisor

Two AI assistants are built into the tool — one to help you during the assessment, one to help you make sense of your results. Like having a security professional on call.

During the assessment

Not sure what a question is asking? Just ask.

Every question in the assessment has an AI helper built in. Tap it and ask anything — "What does this question actually mean?", "Can you give me an example?", "Why does this matter for my business?" — and you'll get a plain-English explanation instantly.

  • Explains technical concepts in everyday language
  • Gives real-world examples relevant to your industry
  • Never suggests how to answer — just helps you understand
  • No technical background required to complete the assessment
AI question helper explaining a cyber security question in plain English during the assessment
Assessment question interface showing radio button answer choices and plain English guidance
After you finish

Available the moment you see your results.

Once your results are in, an AI security advisor can answer any question about what they mean — in plain English, like talking to a security professional. It can even draft a phased action plan from your specific gaps — what to fix first, next, and over time.

  • "Explain my highest risk gap in simple terms"
  • "Walk me through how to fix action #3"
  • "Which gaps are easiest to fix myself?"
  • Ask anything — your advisor knows your specific results
AI Personal Security Advisor chat interface showing results-based guidance after completing the health check

Get the Legal Practice Cyber Health Check

Get My Health Check
$599 + GST
Instant download · 30-day money-back guarantee · Runs entirely on your device

Common Questions

Why are law firms and legal practices targeted by cyber criminals?
Law firms hold privileged communications, sensitive commercial transactions, property conveyancing details, and trust account funds — all in one place. Business email compromise attacks targeting property transactions have resulted in substantial losses when criminals intercept settlement instructions. Trust account fraud, client confidentiality breaches, and ransomware attacks that lock access to client files are all documented threats to Australian legal practices.
What regulatory obligations apply to law firms regarding cyber security?
The Law Society and Legal Services Commissioner in each jurisdiction require solicitors to maintain client confidentiality and take reasonable steps to protect client information. Trust account obligations impose strict controls over client funds. The Privacy Act 1988 applies to practices collecting personal information. PI insurers assess cyber controls, and failing to have adequate protections can affect coverage for cyber-related claims.
What does the Law Firm Health Check cover?
The health check covers practice management system security, email security against business email compromise, trust account protection, client file and document security, remote and mobile access controls, staff access management, conveyancing transaction security, and incident response planning — with questions tailored to the specific risks facing Australian legal practices.
What do I receive after completing the health check?
You receive a professional Word report with prioritised recommendations tailored to law firm risks. The report is suitable for sharing with your firm's principal, IT provider, PI insurer, or Law Society if required as evidence of reasonable steps to protect client information and funds.

View all frequently asked questions →

Further Reading

Resource

Cyber Security for Law Firms and Legal Practices

Why law firms face trust account fraud and BEC attacks, what the Law Society requires, and the controls that protect client confidentiality and funds.

Read the guide