For tri-state law firms · 5–50 attorneys

Cybersecurity built
for law firms.

Insurance-ready, bar-compliant, live in 14 days.

Built for tri-state firms dealing with a cyber insurance renewal, a client security questionnaire, or the recognition that off-the-shelf IT does not cover what carriers and the ABA now ask for.

Get your free Readiness Report See tiers

CyberSuite Readiness Report

Against the Law Firm Cyber Framework v2.0

Sample LLP

Assessment date: May 25, 2026

Engagement ID ENG-20260524-sample-llp-7a3f

Executive summary

Firm: Sample LLP
Primary contact: Margaret Whitcombe, Managing Partner
Report date: May 25, 2026
Report type: CyberSuite Readiness Report
Report version: v2.0
Engagement ID: ENG-20260524-sample-llp-7a3f

This report presents Sample LLP’s posture against the Law Firm Cyber Framework v2.0 as of May 25, 2026. The firm has invested in foundational tools — endpoint protection is deployed, immutable backup runs nightly, and Multi-Factor Authentication is enforced for partners and most staff — but documentation gaps and uneven coverage across personal devices and governance controls would surface in a current cyber insurance application.

Of the 22 controls assessed, the firm passes 9, partially satisfies 7, and has gaps in 6. The gaps that matter most before a renewal submission are written policy, vendor due diligence, patch management, and a written incident response plan with a tested tabletop. None require new tooling; all are addressable in 30 to 60 days.

Overall posture

9 PASS 7 PARTIAL 6 GAP

Headline finding: the firm has 6 documentation and process gaps to address before submitting a cyber insurance application.

Next step: a 45-minute walkthrough with the firm’s managing partner and administrator to align on remediation owners and sequence.

Sample LLP Page 2 of 8 v2.0

The framework

Framework explainer — condensed for this preview; the actual deliverable runs 3 pages per §3.1.5.

The Law Firm Cyber Framework v2.0 is a 22-control set crosswalked to the standards a tri-state law firm is measured against: NIST CSF 2.0, CIS Controls v8 IG1, ABA Model Rule 1.6(c), GLBA Safeguards Rule, and the Cyber Insurance Baseline. Controls also reference the data-breach statutes in NJ, NY, PA, and CT where applicable.

The 22 controls, grouped per Section 2 §2.1

Governance

C-01, C-02, C-03 — 3 controls

Identity & Email

C-04, C-05, C-06, C-07 — 4 controls

Operational & Technical

C-08 through C-22 — 15 controls (endpoint, data & backup, people & vendor, incident readiness)

Each control receives one of three findings: PASS, PARTIAL, or GAP. No numeric score, no percentage gauge — the three-state model matches how carriers and the ABA standard read evidence.

Sample LLP Page 3 of 8 v2.0

Findings by control family

Selected findings (excerpt) — the full report walks all 22 controls with evidence citations.

Governance family

GAP

C-01 — Written Information Security Program

No documented WISP. Required by NY SHIELD Act and ABA Model Rule 1.6(c). A productized CyberSuite WISP template is planned for v1.3.0; in the interim, the WISP itself is firm-led.

Identity & Email family

PARTIAL

C-04 — Multi-Factor Authentication on Email and Identity

Enforced for all partners and 31 of 35 staff. Four staff accounts grandfathered without MFA; carrier baseline requires 100% (required by Cyber Insurance Baseline).

Operational & Technical family

PASS

C-08 — Managed Endpoint Detection & Response

Managed endpoint detection and response with 24/7 SOC validation deployed across all 38 endpoints. Last 90-day triage volume reviewed.

PASS

C-12 — Backup Coverage

M365 mailboxes, SharePoint, and OneDrive backed up nightly to immutable cloud storage; 30-day retention verified.

PARTIAL

C-11 — Personal Device Access Controls

BYOD policy exists informally; no MDM or conditional access enforcement on the ~22 personal phones receiving firm email.

Incident Readiness family

GAP

C-21 — Written Incident Response Plan

No written incident response plan; no tabletop exercise on record (required by Cyber Insurance Baseline). NJ/NY/PA/CT notification statutes also flow from incident response capability.

Sample LLP Page 5 of 8 v2.0

Gaps requiring attention

Ordered by Cyber Insurance Baseline materiality. PARTIAL and GAP findings only; PASS findings are not repeated here.

GAP

C-21 — Written Incident Response Plan

Action: Adopt firm-led IRP (productized CyberSuite template planned v1.3.0). CyberSuite delivers the first tabletop within 30 days at Defense and above.

PARTIAL

C-04 — Multi-Factor Authentication on Email and Identity

Action: Enforce MFA on the 4 grandfathered staff accounts; document tenant policy.

Remediation owner: CyberSuite Engineer

GAP

C-01 — Written Information Security Program

Action: Adopt firm-led WISP (productized CyberSuite template planned v1.3.0); partnership sign-off; review annually.

Remediation owner: Firm operations lead

GAP

C-09 — Patch & Vulnerability Management

Action: Establish patch SLA (Critical 7 days, High 30 days, Standard 60 days); evidence reporting (firm-led; not currently included in any CyberSuite plan).

PARTIAL

C-11 — Personal Device Access Controls

Action: MDM or conditional access on M365 personal devices; written BYOD policy.

Sample LLP Page 6 of 8 v2.0

Recommendations and tier mapping

How each CyberSuite tier addresses this firm’s gaps. Informational — tier recommendation happens in the proposal call.

Control	Current	+ Standard	+ Defense	+ Sentinel
C-04	PARTIAL	PARTIAL	PARTIAL	PARTIAL
C-07	GAP	GAP	PASS	PASS
C-09	GAP	GAP	GAP	PARTIAL
C-11	PARTIAL	PARTIAL	PARTIAL	PARTIAL
C-21	GAP	GAP	PASS	PASS
C-22	PARTIAL	PARTIAL	PASS	PASS

Pattern: Defense closes 3 of this firm’s most material gaps (C-07 awareness training, C-21 incident response plan, C-22 continuous monitoring). Sentinel adds partial coverage on C-09 patch management via SaaS posture monitoring. Governance gaps (C-01, C-03, C-18) remain firm-led across all tiers.

Sample LLP Page 7 of 8 v2.0

What happens next

1 45-minute walkthrough. Managing partner and administrator. We walk every PARTIAL and GAP finding, name the remediation owner, and answer questions. No sales pitch in the meeting.
2 Proposal call (optional). If you would like CyberSuite to close the gaps, we present a tier recommendation grounded in this report.
3 14-day onboarding. If we proceed, day 1 kickoff to day 14 live. The first month is included in the onboarding fee and used for stabilization.
4 Or remediate independently. The report is yours to keep. Many firms use it with their existing IT to close the gaps themselves.

Scope and limitations

This is the CyberSuite Readiness Report defined in §3.1, produced under framework system v2, control library framework-system-v2-section-2.md v1.0.2 (content v2.0), against the Law Firm Cyber Framework v2.0.

Tracks completed: Track A (Assessment) and Track B (governance interview).

This report presents the firm’s posture or plan at the date stated above, as measured against the framework system defined in framework-system-v2-section-1.md and framework-system-v2-section-2.md. It is not a certified audit, a penetration test, a guarantee of insurability or of bar compliance, or legal advice. Decisions about insurance coverage, regulatory compliance, and incident response remain the responsibility of the firm and its advisors.

Report version v2.0 · Generated May 25, 2026

Questions: CyberSuite Account Manager — sales@cybersuite.tech

Sample LLP Page 8 of 8 v2.0

Page 1 of 8

Maps to NIST CSF 2.0 · CIS Controls v8 IG1 · ABA Model Rule 1.6(c) · GLBA Safeguards Rule

If any of these sound familiar

You're not browsing — you have a reason.

Your insurance renewal questionnaire just arrived.

We map your current posture against the carrier's questions and close the gaps before you submit.

Start your readiness report

A peer firm got breached.

We give you a written assessment your managing partner can put in front of the partnership, plus a 14-day path to fix what's exposed.

See the assessment

An enterprise client sent a 47-question security audit.

Your administrator is staring at a spreadsheet. We answer it for you and produce the documentation your client's vendor management team is asking for.

Get your documentation

Service

Three tiers. Public pricing.

Every tier includes 24/7 SOC monitoring, immutable backup, and insurance questionnaire support. Month-to-month with 30-day notice.

Standard

An insurance-ready baseline for firms with no existing security program.

Starting at

$1,450 /mo

Minimum monthly price. Larger firms pay more — pricing scales by user count.

Managed EDR with 24/7 SOC monitoring
Email threat protection
Immutable cloud backup
Insurance questionnaire support
Monthly security report

One-time onboarding: $1,500 one-time

Get started with Standard

Defense

Our most-selected tier. The full program: SOC, training, tabletop, SLA.

Starting at

$2,400 /mo

Minimum monthly price. Larger firms pay more — pricing scales by user count.

Everything in Standard
Security awareness training + phishing sim
1-hour Customer Notification SLA
Semiannual tabletop + after-action report
Dedicated Account Manager

One-time onboarding: $2,500 one-time

Get started with Defense

Sentinel

For firms with regulated data, enterprise clients, or complex M365 environments.

Starting at

$4,450 /mo

Minimum monthly price. Larger firms pay more — pricing scales by user count.

Everything in Defense
Managed SIEM with 24/7 correlation
SaaS Security Posture Management
Full NIST / CIS / GLBA mapping
Quarterly tabletop exercise

One-time onboarding: $5,000 one-time

Microsoft 365 required.

Get started with Sentinel

Monthly minimums shown. Firms over 10 users pay above the minimum. Tier choice is about capability, not headcount.

Compare tiers Full pricing

How we operate

A small specialist team, with operating depth.

100% law firms.

Every email, deck, and report we ship is written for managing partners and firm administrators. We have one practice, and it is legal.

Insurance-ready by design.

Every tier maps to current cyber insurance questionnaire requirements: documented MFA, EDR coverage, immutable backup, training records, written incident response plan.

We own the response.

When an incident hits, our SOC contains it, coordinates with your carrier, and produces the forensic report. Defense and Sentinel include a 1-hour Customer Notification SLA.

By the numbers

24/7

SOC monitoring

8 min

Avg. critical response

1 hr

Notification SLA (Defense, Sentinel)

14 day

Onboarding, start to live

Controls mapped

Frameworks

CyberSuite Readiness Report

Against the Law Firm Cyber Framework v2.0

Sample LLP

Assessment date: May 25, 2026

Engagement ID ENG-20260524-sample-llp-7a3f

Executive summary

Firm: Sample LLP
Primary contact: Margaret Whitcombe, Managing Partner
Report date: May 25, 2026
Report type: CyberSuite Readiness Report
Report version: v2.0
Engagement ID: ENG-20260524-sample-llp-7a3f

Overall posture

9 PASS 7 PARTIAL 6 GAP

Headline finding: the firm has 6 documentation and process gaps to address before submitting a cyber insurance application.

Next step: a 45-minute walkthrough with the firm’s managing partner and administrator to align on remediation owners and sequence.

Sample LLP Page 2 of 8 v2.0

The framework

Framework explainer — condensed for this preview; the actual deliverable runs 3 pages per §3.1.5.

The 22 controls, grouped per Section 2 §2.1

Governance

C-01, C-02, C-03 — 3 controls

Identity & Email

C-04, C-05, C-06, C-07 — 4 controls

Operational & Technical

C-08 through C-22 — 15 controls (endpoint, data & backup, people & vendor, incident readiness)

Sample LLP Page 3 of 8 v2.0

Findings by control family

Selected findings (excerpt) — the full report walks all 22 controls with evidence citations.

Governance family

GAP

C-01 — Written Information Security Program

No documented WISP. Required by NY SHIELD Act and ABA Model Rule 1.6(c). A productized CyberSuite WISP template is planned for v1.3.0; in the interim, the WISP itself is firm-led.

Identity & Email family

PARTIAL

C-04 — Multi-Factor Authentication on Email and Identity

Enforced for all partners and 31 of 35 staff. Four staff accounts grandfathered without MFA; carrier baseline requires 100% (required by Cyber Insurance Baseline).

Operational & Technical family

PASS

C-08 — Managed Endpoint Detection & Response

Managed endpoint detection and response with 24/7 SOC validation deployed across all 38 endpoints. Last 90-day triage volume reviewed.

PASS

C-12 — Backup Coverage

M365 mailboxes, SharePoint, and OneDrive backed up nightly to immutable cloud storage; 30-day retention verified.

PARTIAL

C-11 — Personal Device Access Controls

BYOD policy exists informally; no MDM or conditional access enforcement on the ~22 personal phones receiving firm email.

Incident Readiness family

GAP

C-21 — Written Incident Response Plan

No written incident response plan; no tabletop exercise on record (required by Cyber Insurance Baseline). NJ/NY/PA/CT notification statutes also flow from incident response capability.

Sample LLP Page 5 of 8 v2.0

Gaps requiring attention

Ordered by Cyber Insurance Baseline materiality. PARTIAL and GAP findings only; PASS findings are not repeated here.

GAP

C-21 — Written Incident Response Plan

Action: Adopt firm-led IRP (productized CyberSuite template planned v1.3.0). CyberSuite delivers the first tabletop within 30 days at Defense and above.

PARTIAL

C-04 — Multi-Factor Authentication on Email and Identity

Action: Enforce MFA on the 4 grandfathered staff accounts; document tenant policy.

Remediation owner: CyberSuite Engineer

GAP

C-01 — Written Information Security Program

Action: Adopt firm-led WISP (productized CyberSuite template planned v1.3.0); partnership sign-off; review annually.

Remediation owner: Firm operations lead

GAP

C-09 — Patch & Vulnerability Management

Action: Establish patch SLA (Critical 7 days, High 30 days, Standard 60 days); evidence reporting (firm-led; not currently included in any CyberSuite plan).

PARTIAL

C-11 — Personal Device Access Controls

Action: MDM or conditional access on M365 personal devices; written BYOD policy.

Sample LLP Page 6 of 8 v2.0

Recommendations and tier mapping

How each CyberSuite tier addresses this firm’s gaps. Informational — tier recommendation happens in the proposal call.

Control	Current	+ Standard	+ Defense	+ Sentinel
C-04	PARTIAL	PARTIAL	PARTIAL	PARTIAL
C-07	GAP	GAP	PASS	PASS
C-09	GAP	GAP	GAP	PARTIAL
C-11	PARTIAL	PARTIAL	PARTIAL	PARTIAL
C-21	GAP	GAP	PASS	PASS
C-22	PARTIAL	PARTIAL	PASS	PASS

Sample LLP Page 7 of 8 v2.0

What happens next

1 45-minute walkthrough. Managing partner and administrator. We walk every PARTIAL and GAP finding, name the remediation owner, and answer questions. No sales pitch in the meeting.
2 Proposal call (optional). If you would like CyberSuite to close the gaps, we present a tier recommendation grounded in this report.
3 14-day onboarding. If we proceed, day 1 kickoff to day 14 live. The first month is included in the onboarding fee and used for stabilization.
4 Or remediate independently. The report is yours to keep. Many firms use it with their existing IT to close the gaps themselves.

Scope and limitations

Tracks completed: Track A (Assessment) and Track B (governance interview).

Report version v2.0 · Generated May 25, 2026

Questions: CyberSuite Account Manager — sales@cybersuite.tech

Sample LLP Page 8 of 8 v2.0

Page 1 of 8

The differentiator

The CyberSuite Readiness Report.

A written PDF mapped to NIST CSF 2.0 and ABA Model Rule 1.6(c), showing where your firm passes and where it fails. Free. Yours to keep whether you hire us or not.

→ 30-minute online questionnaire
→ 45-60 minute governance interview
→ Written, branded PDF; 45-minute walkthrough call

Get your free Readiness Report

Honest answers

Questions managing partners ask.

Is this expensive?

CyberSuite is most often compared to a single security tool, and on that comparison, yes, we cost more. The firms we serve are buying a full program: 24/7 SOC monitoring, immutable backup, security awareness training, documented incident response, and the paperwork their insurance carrier and bar association require. The all-in cost of assembling a comparable program in house typically exceeds $3,000 per month before accounting for administrator and partner time.

Can our IT person handle this?

Your IT person stays. CyberSuite is the security layer on top of the IT you already run. Most internal setups do not include 24/7 monitoring by SOC analysts, immutable backup with restore testing, or insurance-grade compliance documentation.

Why don't you offer penetration testing?

Auditor independence. A security vendor cannot credibly assess its own deployment. CyberSuite coordinates scheduling with the pen test vendor of your choice and remediates findings as part of standard tier operations.

Can we start with the lowest tier?

Yes. Standard is a real product, and many firms with 5 to 10 attorneys land there. That said, most firms with an insurance renewal in the next six months are best served starting at Defense.

Are we locked into a long contract?

No. CyberSuite operates month-to-month with 30-day written notice. Qualified deals can receive a 12% discount when prepaying annually (eligibility depends on deal scope; we confirm at proposal). We do not require multi-year commitments, charge exit fees, or claw back onboarding costs at cancellation.

Start with the report.

Free, written, and framework-mapped. Yours to keep whether you hire us or not.

Get your free Readiness Report See pricing

Cybersecurity built
for law firms.

CyberSuite Readiness Report

Executive summary

The framework

Posture at a glance

Findings by control family

Gaps requiring attention

Recommendations and tier mapping

What happens next

Scope and limitations

You're not browsing — you have a reason.

Your insurance renewal questionnaire just arrived.

A peer firm got breached.

An enterprise client sent a 47-question security audit.

Three tiers. Public pricing.

Standard

Defense

Sentinel

A small specialist team, with operating depth.

100% law firms.

Insurance-ready by design.

We own the response.

CyberSuite Readiness Report

Executive summary

The framework

Posture at a glance

Findings by control family

Gaps requiring attention

Recommendations and tier mapping

What happens next

Scope and limitations

The CyberSuite Readiness Report.

Questions managing partners ask.

Start with the report.

Cybersecurity builtfor law firms.

CyberSuite Readiness Report

You're not browsing — you have a reason.

Your insurance renewal questionnaire just arrived.

A peer firm got breached.

An enterprise client sent a 47-question security audit.

Three tiers. Public pricing.

Standard

Defense

Sentinel

A small specialist team, with operating depth.

100% law firms.

Insurance-ready by design.

We own the response.

CyberSuite Readiness Report

The CyberSuite Readiness Report.

Questions managing partners ask.

Start with the report.

Cybersecurity built
for law firms.