top of page

Securing Your Legal Firm's Future: Free Government Funding for Cyber Essentials Plus

Cyber-attacks against Law firms are continuing to rise.

laptop, justice scales

According to the Solicitors Regulation Authority, 75% of Law firms have become the target of a cyber-attack. With the top three most common cyber-attacks being:

  • Phishing – when cybercriminals use scam emails, texts, or phone calls to trick their victims into clicking on a link containing malware or revealing their personal information.

  • Business Email Compromise – a form of phishing where a cybercriminal targets a senior executive into transferring funds or revealing sensitive information.

  • Ransomware – a type of malicious software that prevents you from accessing your computer or data stored on your computer.

The good news is that the National Cyber Security Centre (NCSC) has launched the fully Funded Cyber Essentials Programme - NCSC.GOV.UK to help specific sectors that are at high risk of a cyber-attack, at no cost.


What is the Cyber Essentials Accreditation?

Cyber Essentials is a simple and effective Government-backed scheme, supported by industry experts and the Cyber Resilience Centre Network. Cyber Essentials will help you put measures in place to protect your organisation, against a range of the most common cyber-attacks. This includes protecting against threats such as malware, ransomware, and phishing.



Why do Legal Firms need Cyber Essentials?

The legal sector is an increasingly targeted industry for cyber attackers due to the sensitive and confidential information that the industry handles, including client data, financial information, and legal documents. This information is highly valuable to cyber attackers, who can use it for financial gain or to carry out other malicious activities. With the increasing use of technology in the legal industry, the risk of cyber-attacks has become even more pronounced.


Cyber Essentials can fully or partially mitigate up to 99% of common cyber-attacks. Meaning if you meet the Cyber Essentials standard you are less likely to fall victim to a cyber-attack yourself and you will be able to reassure your customers and trustees that you have recognised the threat, risks and have taken proactive steps to minimise the impact.


Funded Cyber Essentials Programme

All modern businesses are susceptible to cyber-attacks, however, certain organizations face a heightened risk, whether it's due to the possession of sensitive information or being perceived as an effortless target by cybercriminals.


To address this issue, the National Cyber Security Centre (NCSC) has established theFunded Cyber Essentials Program, specifically targeting the most vulnerable sectors. This initiative aims to provide vulnerable organisations with help to implement baseline security controls to prevent the most common types of cyber-attack.


The scheme is designed to lead an organisation through the technical controls required to achieve Cyber Essentials certification, followed by the audit for Cyber Essentials Plus. No previous cyber security certification or experience is necessary.


How do I qualify for the Funded Cyber Essentials Programme?

To qualify for this scheme, your organisation must be: a micro or small business (1 to 49 employees) that offers legal aid services.


Applying organisations must also meet the following criteria:

  • Has not previously participated in the NCSC Funded Cyber Essentials Programme.

  • Does not currently hold Cyber Essentials Plus (CE+) certification, has not been awarded CE+ certification since May 2022 and is not currently in the process of applying for CE+ certification.

If your business or organisation meets the above criteria and you wish to express an interest in the Funded Cyber Essentials Programme, please visit the website of the NCSC’s Cyber Essentials partner, IASME, where you can register your interest.


Further Guidance and Support

Here at the ECRC, we would recommend taking the following proactive steps to enhance your cyber resilience and protect your organization from potential cyber-attacks:

  1. Check your current security standard using the free Cyber Essentials Readiness Tool. The Readiness Tool is an interactive set of questions that addresses various parts of your organisation’s security. A step-by-step action plan is tailored to your requirements based on your answers to the questions.

  2. Join our community at the Eastern Cyber Resilience Centre; it’s totally free. We can talk to you about your cyber resilience and can offer guidance to free tools that you can implement straight away.

When you join our community, you will receive access to:

  • Our Little steps programme – series of weekly emails which aligns to cyber essentials with bite-sized practical information to build cyber resilience.

  • Threat alerts both regionally and nationally.

  • Signposting to free tools and resources from both Policing and the NCSC.

  • Discussion area to meet and talk to other companies in the region and our partners.

Reporting a live cyber-attack 24/7

If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.


Reporting a cyber-attack which isn't ongoing ​

Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.


Get in touch

01223 856020

Facebook | Twitter | LinkedIn: @EasternCRC

Instagram: @_EasternCRC


Policing led – Business focused





The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page