top of page

Securing Your Legal Firm’s Future: Free Government Funding for Cyber Essentials Plus

The legal sector is an increasingly targeted industry for cyber attackers. This is due to the sensitive and confidential information that the industry handles, including client data, financial information, and legal documents. This information is highly valuable to cyber attackers, who can use it for financial gain or to carry out other malicious activities. With the increasing use of technology in the legal industry, the risk of cyber-attacks has become even more pronounced.

Hands typing on a laptop

Statistics show that 25% of all law firms have reported being the victim of a cyber-attack. One in ten of these cyber-attacks resulted in money being stolen.

The good news is that the government has launched the fully Funded Cyber Essentials Programme for sectors most at risk.

What is Cyber Essentials Accreditation?

Cyber Essentials is a simple and effective Government-backed scheme, supported by industry experts and the Cyber Resilience Centre Network, that will help you put measures in place to protect your organisation, against a range of the most common cyber-attacks. This includes protecting against threats such as malware, ransomware and phishing. Read more here: Cyber Essentials & Plus Training & Certification ¦ ECRC (

Why do Legal Firms Need Cyber Essentials?

Cyber Essentials can fully or partially mitigate up to 99% of common cyber-attacks. Meaning if you meet the Cyber Essentials standard you are less likely to fall victim to a cyber-attack yourself and you will be able to reassure your customers and trustees that you have recognised the threat, risks and have taken proactive steps to minimise the impact.

Funded Cyber Essentials Programme

All modern businesses are susceptible to cyber-attacks, however, certain organizations face a heightened risk, whether it's due to the possession of sensitive information or being perceived as an effortless target by cybercriminals.

To address this issue, the National Cyber Security Centre has established the Funded Cyber Essentials Program, specifically targeting the most vulnerable sectors. This initiative aims to provide vulnerable organisations with help to implement baseline security controls to prevent the most common types of cyber-attack.

The scheme is designed to lead an organisation through the technical controls required to achieve Cyber Essentials certification, followed by the audit for Cyber Essentials Plus. No previous cyber security certification or experience is necessary.

To be eligible, you must be a micro or small business (1 to 49 employees) that offers legal-aid services.

Unfortunately, funding for the current financial year has seized.

However, IASME are encouraging eligible Legal Firms to express their interest in obtaining funding for the Funded Cyber Essentials Programme by submitting their contact details on the ISAME website here - Funded Programme - Iasme

More details on the Funded Cyber Essentials Programme for next financial year will be released shortly.

Further Guidance and Support

While you wait for the new financial year, consider taking proactive steps to enhance your cyber resilience and protect your organization from potential cyber-attacks:

  1. Check your current security standard using the free Cyber Essentials Readiness Tool. The Readiness Tool is an interactive set of questions that addresses different parts of your organisation’s security. A step-by-step action plan is tailored to your requirements based on your answers to the questions.

  2. Join our community at the Eastern Cyber Resilience Centre; it’s totally free. We can talk to you about your cyber resilience and can offer guidance to free tools that you can implement straight away.

When you join our community, you get:

  • Threat alerts both regionally and nationally

  • Signposting to free tools and resources from both Policing and the NCSC

  • Little steps programme – series of weekly emails which aligns to cyber essentials with bite-sized practical information to build cyber resilience

  • Discussion area to meet and talk to other companies in the region and our partners

  • Support from the ECRC team

We also work with local university students, who are trained and mentored by senior ethical hackers, to deliver affordable services designed especially for small and medium businesses. So, when you're ready for an insight into if you have common vulnerabilities, are sharing a little too much online or want to review your policies and practices think of us.

Get in touch

You can contact the Cyber Resilience Centre for guidance and support through our e-mail or use our online booking system to make an appointment with one of our team.

How to report cybercrime

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online.

Forward suspicious emails to

Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad)


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page