Last year alone, cybercrime cost the global economy over $8 trillion, with law firms and in-house teams increasingly singled out as “soft targets”. Studies show that nearly 1 in 4 firms have already suffered a breach, often triggered not by firewalls but by people: mis-redacted files, phishing clicks, or poorly drafted vendor contracts.
For clients and regulators, ignorance is no longer an excuse. Counsel are now expected to spot the risks, redline the contracts, and lead the board through a breach.
This 20-module course is designed to build precisely that capability, shaped with input from leading CISOs and senior lawyers across multiple jurisdictions, ensuring that every lesson balances technical insight with real-world legal practice.
What you will leave with
- Confidence & fluency — explain risks and controls in plain English to boards, regulators, and clients.
- Policies that work — an incident response plan, data security policies, and a cyber risk register you can deploy on day one.
- Stronger contracts — clause libraries for SaaS/AI vendors (audit rights, warranties, liability, breach terms).
- Operational know-how — practise breach response, e-discovery security, and executive communications.
Who it’s for
- General Counsel, Deputy GC, Heads of Legal, Compliance, GRC.
- Partners and senior associates advising on technology, privacy, disputes, or regulated industries.
- In-house counsel seeking a practical, board-facing cyber capability.
(Not designed for vendors or junior practitioners seeking purely technical training.)
The 20-module curriculum (spaced for real life)
Foundations (1–5)
- M1 | The lawyer’s cyber mandate: ethics, fiduciary duty, reputation
- M2 | Threats that target legal work (ransomware, phishing, BEC, AI data leakage)
- M3 | Cyber hygiene for legal practice (email, devices, cloud, client comms)
- M4 | Metadata & redaction risks (hands-on pitfalls and fixes)
- M5 | Remote & mobile security for hybrid teams
Legal & regulatory (6–10)
- M6 | Technology competence & professional responsibility (ABA/SRA/POPIA/GDPR)
- M7 | Global breach laws & notification playbooks
- M8 | Cyber insurance: coverage, exclusions, claims strategy
- M9 | Sectoral rules: finance, health, public sector, critical infrastructure
- M10 | AI, privacy & cyber: shadow AI, model risk, data governance
Governance & strategy (11–15)
- M11 | Anatomy of an incident & counsel’s role
- M12 | Building the IRP (templates + walkthrough)
- M13 | Vendor/third-party & AI risk — DDQs, testing, contractual controls
- M14 | Working with CISOs/IT — reading reports, shared vocab, decision rights
- M15 | Board reporting — metrics, heatmaps, scenario briefings
Applied skills & simulations (16–18)
- M16 | Contract redlining lab — audit rights, warranties, liability caps
- M17 | Breach simulation — counsel as breach coach (insurer, regulator, comms)
- M18 | Digital forensics & e-discovery security — privilege, chain of custody
Future-proofing & leadership (19–20)
- M19 | Emerging threats: supply chain, quantum, deepfakes, geopolitics
- M20 | The lawyer as cyber leader — capstone reflection & personal roadmap
Delivery that respects your calendar
- Self-paced core: concise videos (30–45 min), transcripts, and checklists.
- Live intensives: breach simulation, contract lab, board briefing workshop (small groups).
- Toolkits: IRP, policy pack, clause libraries, vendor DDQs, glossaries, briefing decks.
- Office hours: optional Q&A with ITLawCo advisors.
Suggested cadence: 2 modules/week over 10 weeks (or 1/week over 20 weeks).
Early validation (anonymised, with permission)
“We used the clause set to reopen a stalled SaaS negotiation and secured audit rights in a week.”
— DPO, Global automobile manufacturer
“The IRP template became our board-approved playbook; the simulation gave us muscle memory.”
— Head of Compliance, African insurer
Pricing & access
Standard — $995 | 20 modules (on-demand), checklists & glossaries, certificate of completion.
Professional — $1,495 | Standard + policy pack & clause libraries + live Q&A.
Premium Cohort — $2,495 | Professional + 3 live workshops (breach sim, redlining lab, board briefing). Limited seats for depth and candour.
Teams & Enterprise
- Team (up to 10 seats): $9,500 — includes a private workshop.
- Enterprise: from $35,000 — unlimited seats, custom toolkits, leadership briefing.
(Seats are limited per live cohort to preserve quality.)
Cohort 1 Launch
Cohort 1 opens on 1 November 2025.
Seats are limited. Admission is by application, and not all applicants will be accepted.
This course delivers that capability.
FAQs (brief)
Is this technical?
It’s practical. You won’t configure firewalls; you will learn to ask the right questions, set policy, negotiate protections, and lead through incidents.
Is it jurisdiction-specific?
We teach global principles and provide regional notes (EU/UK, U.S., Africa/APAC) where the rules diverge.
Will it count toward CLE/CPD?
Materials are designed for ethics/tech-competence credit in many jurisdictions. We provide guidance and documentation for submission.
How much time do I need?
~45–60 minutes per module. Live sessions are 2 hours each and scheduled with multiple time-zone options.