Centre For Cybersecurity Institute Centre For Cybersecurity Institute
Menu
Corporate training · Legal

Cyber awareness training for law firms

Your firm runs on privileged communications, client funds and confidential instructions. Attackers know it. We train every fee earner and staff member to catch the attacks that filters miss, and we measure the change.

Why law firms get targeted

These are the attack patterns we train against in this sector, drawn from live campaigns rather than textbook examples.

Spoofed client instructions

Fake filing notices, forged client emails and compromised counterparty threads that redirect completion funds or harvest credentials at the worst possible moment.

Payment fraud in conveyancing and M&A

Business email compromise targeting escrow and completion payments, where a single convincing bank-detail change can cost more than a year of fees.

Privilege and data exposure

Global firms have suffered ransomware and data-exposure incidents in recent years. For a firm, leaked matter files are not just a PDPA problem; they are an existential trust problem.

AI-enabled impersonation

Deepfake voice notes and AI-written spear phishing make "the client called to confirm" a dangerous sentence. Your people need to know the verification habits that hold.

The rules your people operate under

Training is the control every one of these frameworks expects, and our engagement report is the evidence they ask for.

PDPA

Protection and accountability obligations over client personal data, with staff training the first arrangement regulators look for.

Professional conduct

Confidentiality duties under the Legal Profession (Professional Conduct) Rules 2015 extend to how your people handle email, devices and files.

Client audits

Corporate and financial-sector clients increasingly send security questionnaires to their panel firms. Training evidence is a standard ask.

Cyber Essentials Mark (Singapore, CSA)

The national baseline certification expects employees to be equipped as the first line of defence. Our report is your evidence.

Tailored curriculum

What we build for law firms

Everything in the core Cyber Safety workshop, live hacking demonstrations included, plus sector-specific depth:

  • Phishing analysis drills built from real lures used against law firms: fake court filings, spoofed client instructions and counterfeit counsel correspondence
  • Payment fraud scenarios for conveyancing, M&A and client-account teams
  • Protecting privileged communications on email, mobile and chat
  • Safe use of AI tools in legal work: what can and cannot leave the firm
  • Incident reporting and breach-notification duties in a law firm context
Always included
  • Pre-workshop consultation
  • Post-training phishing simulation
  • Before-and-after awareness measurement
  • Board-ready engagement report
  • Certificates for all participants

Measured results

70%

reduction in phishing incidents across recurring yearly workshops

Over the years we have seen a 70% reduction in phishing incidents, thanks to the vigilance these yearly workshops build.
200+ employee organisationRecurring annual client, Singapore
+54.5%

lift in self-rated staff awareness in a single session, NPS +50 with zero detractors

SustinereSustainability consultancy, Singapore

Where to start

Most Singapore firms fit the Essentials annual programme: a firm-wide half-day, a refresher, two phishing simulations and a report your managing partner can table. Multi-office firms typically run one session per office.

Pilot Workshop

Your first engagement, any team size

From S$2,800single session
  • Live 2-hour virtual (S$2,800) or half-day on-site workshop (S$5,400)
  • Curriculum tailored to your sector in a pre-workshop consultation
  • Live hacking demonstrations and hands-on exercises
  • Post-training phishing simulation with analytics
  • Board-ready engagement report and debrief

The pilot fee is credited in full against any annual programme signed within 90 days.

Scope this with us
Recommended for you

Essentials

Organisations up to 300 staff

S$19,500per year
  • One on-site half-day workshop plus one virtual refresher
  • Two phishing simulations with analytics
  • Four quarterly 30-minute virtual threat briefings
  • Annual board-ready report for auditors and insurers
Scope this with us
See every programme and the cost estimator

Legal questions, answered

Can you train fee earners and support staff together?

Yes, and we recommend it. Attacks enter through secretaries, finance and paralegals as often as through lawyers. We run mixed sessions with role-specific scenarios, or separate sessions per office where headcount suits it.

Do you cover our duties under the Legal Profession rules?

Yes. The compliance module maps everyday behaviour to your confidentiality duties under the Legal Profession (Professional Conduct) Rules 2015 and the PDPA, in plain language rather than legalese.

Our firm has under 50 people. Is this still for us?

Yes. Smaller firms usually start with a single half-day workshop with the phishing simulation and report included, and move to the annual programme if they want year-round reinforcement.

Will this satisfy client security questionnaires?

The engagement report documents what was trained, who attended and how behaviour measured before and after, which is exactly the evidence most client questionnaires and panel reviews ask for.

Not sure where you stand? Take the free two-minute check: Do I need cyber awareness training for my team?

Ready to train your legal team?

Book a 30-minute scoping call. We will map your headcount, sites and regulatory context to the right format and give you a clear quote.

Chat with us