Skip to main content
Featured
Beginner
Information security

Cybersecurity for lawyers

Nathan-Ross Adams Nathan-Ross Adams
Overview
Curriculum
FAQs
  • 21 Sections
  • 187 Lessons
  • 7 Quizzes
Collapse All
M1 | The lawyer’s cyber mandate
10 Lessons3 Quizzes
  1. Why cybersecurity is now your job too
  2. Diagnostic quiz | Are you the weak link?
  3. Your secrets are easier to steal than you think
  4. The big picture: Why cybersecurity isn’t optional
  5. Actions to take first: Don’t buy another gadget
  6. Guard-guide-govern model: The “3 Gs” of lawyer survival
  7. Reflection activity (G-G-G)
  8. Deep Dive A: Duties and expectations
  9. Deep Dive B: Why Lawyers Are Targets
  10. Branching Scenario: The First Hour of a Breach
  11. Deep Dive C: From Reactive to Proactive
  12. Social and peer reflection: Nobody changes alone
  13. Spaced reinforcement: Memory as a service
M2 | Cybersecurity 101
9 Lessons
  1. Introduction
  2. The invisible burglars
  3. Who holds the keys?
  4. The moat is dead, long live the castle
  5. The lawyer as firefighter
  6. Apps: The Trojan horses in your pocket
  7. The global courtroom with no walls
  8. Guarding the family silver
  9. The robot lawyer’s blind spots
M3 | Threats that target legal work
11 Lessons
  1. Lawyers, you’re a juicy target
  2. Threats with a human face
  3. Ransomware: hostage negotiations for client files
  4. Insider threats: The devil you know
  5. Third-party risks: Your vendors are your attack surface
  6. The fancy new stuff (Emerging threats)
  7. Why this hits lawyers harder
  8. Case studies: The cautionary tales
  9. Practical takeaways (aka Tiny nudges that save you)
  10. Interactive game: Spot the scam
  11. End thought: Cybersecurity as theatre
M4 | Cyber hygiene for legal practice
8 Lessons
  1. The psychology of hygiene
  2. The small things with outsized effects
  3. Devices: handbags of data
  4. Email: still the world’s deadliest weapon
  5. Data: declutter, delete, defend
  6. Culture: making hygiene fashionable
  7. The power of stories
  8. Habit beats heroics
M5 | Metadata and redaction risks
10 Lessons1 Quiz
  1. Introduction: The invisible ink problem
  2. Diagnostic quiz
  3. Why metadata is the lawyer’s uninvited witness
  4. Redaction theatre versus redaction reality
  5. Actions to take first (the behavioural hacks)
  6. Deep Dive A: Metadata’s behavioural economics
  7. Deep Dive B: Famous failures and near-misses
  8. Branching Scenario: The deposition disaster
  9. Deep Dive C: Tools, tactics, and taboos
  10. Social and peer reflection
  11. Spaced reinforcement
M6 | Remote and mobile security for hybrid teams
9 Lessons
  1. The mirage of flexibility
  2. The seduction of convenience
  3. The glamour of the gadget
  4. Hybrid teams, multiplied risks
  5. When policy meets psychology
  6. The café case study (interactive story)
  7. Travel as a theatre of risk
  8. Guard, guide, govern (but human-sized)
  9. A final reflection
M7 | Technology competence and professional responsibility
9 Lessons
  1. Act I: The ridiculous double standard
  2. Act II: Competence as theatre
  3. Act III: Why the regulators sound boring but are secretly right
  4. Act IV: The comedy of delegation
  5. Act V: The hidden upside
  6. Act VI: The horror stories (with punchlines)
  7. Act VII: What “competence” actually looks like (spoiler: it’s easier than you think)
  8. Act VIII: The scenario
  9. Finale: The professional paradox
M8 | Global breach laws and notification playbooks
8 Lessons
  1. The confession industry
  2. A tour of the world’s clocks
  3. The psychology of timing
  4. Anatomy of the playbook
  5. Case studies as parables
  6. How to write the perfect breach letter
  7. A branching game
  8. The absurdity revealed
Module 9 | Cyber insurance: coverage, exclusions, claims strategy
10 Lessons1 Quiz
  1. 9.1 | The set-up: “A safety net is only useful if it’s under the trapeze”
  2. 9.2 | Why cyber insurance is both indispensable and misunderstood
  3. 9.3 | Anatomy of a cyber-insurance policy (or, the magician’s deck of cards)
  4. 9.4 | The behavioural traps of coverage and exclusions
  5. 9.5 | Claims strategy as courtroom drama
  6. Branching scenario – The firm that thought it was covered
  7. 9.6 | Strategic use of insurance as leverage
  8. 9.7 | From claims to culture — building a cyber-resilient legal practice
  9. 9.8 | Market intelligence and the future of cyber-insurance
  10. 9.9 | Designing your firm’s cyber-resilience dashboard
  11. Cyber-insurance MCQs
M10 | Sectoral rules: finance, health, public sector, critical infrastructure
9 Lessons1 Quiz
  1. Setting the scene
  2. Diagnostic quiz
  3. The big picture
  4. Deep Dive A: Finance (the paranoid accountant)
  5. Deep Dive B: Health (the nervous surgeon)
  6. Deep Dive C: Public sector (the suspicious bureaucrat)
  7. Deep Dive D: Critical infrastructure (the fragile giant)
  8. Branching scenario: The cascade effect
  9. Social and peer reflection
  10. Spaced reinforcement
M11 | AI, privacy & cyber: shadow AI, model risk, data governance
10 Lessons
  1. The AI intern nobody hired
  2. Shadow AI – the unseen associate
  3. Model risk – confidence tricksters in silicon
  4. Data governance – the unglamorous hero
  5. Deep Dive A: The psychology of “AI as colleague”
  6. Deep Dive B: Regulatory rumblings
  7. Branching Scenario: The shadow memo
  8. From reactive to reframing
  9. Social & peer reflection
  10. Spaced reinforcement
Module 12 | Anatomy of an incident and counsel’s role
5 Lessons
  1. 12.1 | The collapse: recognising the incident
  2. 12.2 | Triage: building order out of adrenaline
  3. 12.3 | The operating room: investigation and containment
  4. 12.4 | Complications: Disclosure, Reporting and Reputation
  5. 12.5 | Recovery and Post-Mortem
Module 13 | Building the incident response plan
10 Lessons
  1. 13.1 | Why You Need an Incident Response Plan (IRP): The Business of Staying Calm in a Crisis
  2. 13.2 | Governance by Design: The Charter, the Roles, the RACI, and the Power to Act
  3. 13.3 | Legal Architecture of the IRP: Privilege, Deadlines, and Regulatory Chess
  4. 13.4 | Behavioural Science in the War Room: Biases, Brains, and the Cost of Overconfidence
  5. 13.5 | The Technical Symphony: Containment, Eradication, and the Pursuit of Clean Recovery
  6. 13.6 | Cross-Disciplinary Coordination: Command, Communication, and the War Room Orchestra
  7. 13.7 | Post-Incident Review and Maturity Modelling: Turning Chaos into Competence
  8. 13.8 | Testing and Validation: From Tabletops to War Games — Making Readiness Real
  9. 13.9 | The Cultural Endgame: From Binder to Behaviour — Embedding the IRP into Organisational DNA
  10. 13.10 | The Lawyer’s Closing Playbook: How Counsel Leads the Response, Protects Privilege, and Restores Trust
M14 | Vendor/third-party and AI risk — DDQs, testing, contractual controls
10 Lessons
  1. Trust outsourced, risk imported
  2. The illusion of safety in checklists
  3. Contracts as cargo cults
  4. Testing and the problem of Schrödinger’s vendor
  5. AI as your new vendor (but weirder)
  6. Behavioural hacks for vendor governance
  7. Deep Dive A: The DDQ dissection
  8. Deep Dive B: Contracts as social signalling devices
  9. Scenario: The vendor who smiled too much
  10. Who do you trust when you outsource trust?
M15 | Working with CISOs/IT — reading reports, shared vocab, decision rights
8 Lessons1 Quiz
  1. The two tribes problem
  2. Diagnostic quiz
  3. The big picture: shared but different incentives
  4. Deep dive A: Reading reports without glaze-eyed boredom
  5. Deep dive B: Building a shared vocabulary
  6. Deep dive C: Decision rights and who owns the red button
  7. Branching scenario: The midnight alert
  8. Social and peer reflection
  9. Spaced reinforcement
M16 | Board reporting — metrics, heatmaps, scenario briefings
10 Lessons
  1. Setting the boardroom scene
  2. The art of translation
  3. Metrics that matter (and metrics that don’t)
  4. Heatmaps as behavioural theatre
  5. Scenario briefings: the lawyer’s edge
  6. Telling the risk story with elegance
  7. The lawyer’s role in board reporting
  8. Branching exercise: the boardroom test
  9. Peer reflection
  10. Spaced reinforcement
M17 | Contract redlining lab — audit rights, warranties, liability caps
9 Lessons
  1. The art of colouring outside the lines
  2. Audit rights — the X-ray clause
  3. Warranties — promises with placebo effects
  4. Liability caps — the poker chip of negotiation
  5. The redlining game
  6. Deep dive: What the ink colour hides
  7. Scenario briefing: The liability crisis
  8. Reflection: the behavioural contract lawyer
  9. Spaced reinforcement
Module 18 | Breach simulation — counsel as breach coach
8 Lessons
  1. 18.1 | The Counsel as Breach Coach — From Firefighter to Architect
  2. 18.2 | Building the Dual-Track Privilege Protocol
  3. 18.3 | Cognitive Bias and the Breach Mind — Debiasing the Decision Room
  4. 18.4 | Crisis Communication and Litigation Dynamics — Counsel as Narrative Gatekeeper
  5. 18.5 | Cross-Border and Multi-Agency Complexity — Counsel as Jurisdiction Navigator
  6. 18.6 | The Live Simulation — Scripted Chaos and Performance Coaching
  7. 18.7 | Debrief and Governance Integration — Turning Simulation into Evidence of Readiness
  8. 18.8 | Institutionalising Resilience — The Breach Coach as Cultural Architect
M19 | Digital forensics & e-discovery security — privilege, chain of custody
9 Lessons
  1. The lawyer as detective in a crime scene made of zeros and ones
  2. Why this matters (and why lawyers underestimate it)
  3. Privilege in the age of terabytes
  4. Chain of custody as theatre and truth
  5. Common pitfalls and behavioural blind spots
  6. Counsel’s playbook
  7. Branching scenario: The tainted hard drive
  8. Reflection and peer exchange
  9. Spaced reinforcement
M20 | Emerging threats: supply chain, quantum, deepfakes, geopolitics
8 Lessons
  1. Why the future always looks silly at first
  2. Supply chain — efficiency as vulnerability
  3. Quantum — the lock that might not fit the key
  4. Deepfakes — when seeing isn’t believing
  5. Geopolitics — law collides with shifting borders
  6. Practical toolkit for lawyers
  7. Interactive scenario — “A week of emerging threats”
  8. Closing reflection
M21 | The lawyer as cyber leader — capstone reflection & personal roadmap
7 Lessons
  1. Opening gambit: The magician reveals the trick
  2. The nudge audit: how far you’ve travelled (and where you still trip)
  3. Reframing leadership: lawyers as unlikely but perfect cyber guides
  4. The capstone case: your own firm in five years
  5. Your personal cyber roadmap (because generic checklists are for auditors)
  6. Ritual closure: the oath, the story, the invitation
  7. Postcard

A 21-module global programme for in-house counsel, GRC professionals, and senior law-firm practitioners

Cybercrime cost the global economy more than US$8 trillion in 2023, and legal teams are increasingly the “soft targets.” A mis-redacted PDF, a careless click, or a weak vendor contract can expose clients, regulators, and boards to risk.

This course equips lawyers to meet their evolving cyber mandate:

  1. to guard client data and privilege;
  2. guide contracts and governance structures; and
  3. govern in the boardroom and with regulators when incidents occur.

Designed by ITLawCo with contributions from leading CISOs and senior lawyers across jurisdictions, this 21-module, 7-week programme combines self-paced lessons, live simulations, and practical toolkits. Participants graduate with not just knowledge, but working artefacts: an incident response plan, board briefing templates, vendor due diligence checklists, and redlined clauses ready for immediate use.

Outcomes

By the end of the programme, participants will be able to:

  • Interpret and apply global ethical and regulatory duties in cybersecurity (ABA, SRA, GDPR, POPIA, sectoral rules).
  • Identify and mitigate cyber threats that specifically target legal practice.
  • Draft and deploy policies, IRPs, and vendor agreements that withstand scrutiny.
  • Communicate cyber risks credibly to boards, regulators, and clients.
  • Lead during incidents, preserving privilege, guiding evidence handling, and steering lawful responses.
  • Anticipate emerging risks (AI, supply chain, quantum, deepfakes) and position their teams strategically.

Structure

  • 21 modules delivered over 7 weeks.
  • Self-paced lessons: concise videos, transcripts, job aids, quizzes.
  • Live intensives: breach simulation, contract redlining lab, board briefing exercise.
  • Toolkits: incident response templates, policy packs, vendor questionnaires, clause libraries.
  • Capstone: personal leadership roadmap + certificate of completion.

Audience

  • General Counsel, Chief Legal Officers, Deputy GCs.
  • Heads of Legal, Compliance, and GRC professionals.
  • Senior law firm partners and associates advising on technology, privacy, or regulated industries.

Time commitment

  • 2–3 hours per week (three modules, plus optional live workshop participation).
  • Delivered in flexible formats designed for busy professionals.

Certification

Participants who complete all modules and the capstone exercise will receive a Certificate of Completion from ITLawCo, documenting professional development in cybersecurity, governance, and legal risk management.

⚖️ This course positions you not as a technician, but as the strategic counsel who can stand steady in the boardroom when the silence comes.

  • FAQs
Collapse All
Who is this course for?
  1. Who is this course for?

    This course is designed for practising lawyers, in-house counsel, legal advisors, and compliance professionals who want to strengthen their cybersecurity fluency. You don’t need to be a technologist — but you do need to care about protecting client data, safeguarding privilege, and staying on the right side of ethical duties.

Do I need a technical background?
  1. Do I need a technical background?

    No. The course assumes zero prior technical knowledge. Think of it less like learning to code and more like learning how to read a balance sheet: you won’t become an accountant, but you’ll know enough to ask the right questions, spot red flags, and protect yourself.

What makes this course different from other cybersecurity trainings?
  1. What makes this course different from other cybersecurity trainings?

    Most cybersecurity courses are built for IT people. This one is built for lawyers. It blends black-letter law, ethical duties, and practical risk management with behavioural insights, storytelling, and real legal scenarios — the things that actually move the needle in practice.

How long will it take to complete?
  1. How long will it take to complete?

    The full course is designed to be completed in around 20–24 hours of structured learning across 21 modules. Each module takes roughly 2 hours and includes exercises, scenarios, and reflection prompts.

Can I do it at my own pace?
  1. Can I do it at my own pace?

    Yes. The course is self-paced and available online. You can binge it in a week or spread it over a few months. Your progress is tracked, and you can revisit materials anytime. However, please note that you only have access ot the course for six months from your enrolment date.

Will this count towards my CPD / CLE hours?
  1. Will this count towards my CPD / CLE hours?

    Yes, in most jurisdictions the course qualifies for Continuing Professional Development (CPD) or Continuing Legal Education (CLE) credit. We provide completion certificates and can assist with jurisdiction-specific accreditation queries.

How practical is it?
  1. How practical is it?

    Very. This isn’t a lecture-only course. You’ll work through branching scenarios (e.g., “The first hour of a breach”), contract redlining labs, board-room simulations, and mock client situations. You’ll leave with templates, playbooks, and checklists you can use the next day.

What will I be able to do at the end of the course?
  1. What will I be able to do at the end of the course?

    By the end you will:

    • Recognise cyber risks unique to legal practice
    • Advise clients confidently on legal and governance duties
    • Draft stronger contracts and breach playbooks
    • Communicate cyber risks to boards and executives
    • Position yourself as the “cyber-savvy lawyer” in your firm or organisation
How do I access the course materials?
  1. How do I access the course materials?

    All materials are delivered through our secure learning portal.

Is there a certificate?
  1. Is there a certificate?

    Yes. Upon completion you’ll receive a Certificate in Cybersecurity for Lawyers, which you can showcase on LinkedIn, your firm bio, or CPD/CLE filings.

What if cybersecurity isn’t part of my current role?
  1. What if cybersecurity isn’t part of my current role?

    It soon will be. Regulators, clients, and professional bodies increasingly expect lawyers to demonstrate tech and cybersecurity competence. Even if you never touch a firewall, you are a custodian of data — and that makes you a frontline actor.

Can my whole team take the course?
  1. Can my whole team take the course?

    Absolutely. We offer firm licences and group pricing so that teams can build a shared vocabulary and capability. In fact, that’s where the biggest benefits lie — when the whole legal function speaks “cyber” fluently.

Is there support if I get stuck?
  1. Is there support if I get stuck?

    Yes. You can ask questions in the private community, access periodic live Q&A sessions, and reach out for help if you need guidance applying the material to your specific practice.

What’s the return on investment?
  1. What’s the return on investment?

    Think of it this way: one preventable breach, one mis-redlined clause, or one regulator fine could dwarf the course fee. This is insurance for your practice, your licence, and your reputation.

Deleting Course Review

Are you sure? You can't restore this back

Course Access

This course is password protected. To access it please enter your password below: