Free 2-Week Security Assessment for California Law Firms: 25–40 Page Report Mapped to 2026 Cyber Insurance Attestation

  • Writer: Nick Curran
  • 8 hours ago

nicwerks runs a free two-week security assessment for California law firms — open to non-clients, with no obligation and no upsell. You receive a 25–40 page written report, a 60-minute findings call, and a gap list mapped to the 2026 cyber insurance attestation form, ABA Model Rule 1.6(c), and CCPA/CPRA. We have run this assessment for LA-area law firms since 1999. The point is to give the managing partner a defensible written record of the firm's current security posture — even if the firm never engages nicwerks for remediation. Most firms walk away with a clearer picture of what their carrier will ask at renewal and what the bar would expect after an incident.

The problem we solve

Most California law firm partners cannot answer three questions on demand: (1) Is every account, including service accounts, MFA-protected? (2) What percentage of endpoints have working EDR, and when was the last false-positive review? (3) When was the last successful immutable-backup restore test, and where is the documented evidence? Those are the three questions the cyber insurance carrier will ask at renewal and the breach coach will ask after an incident. The ABA's 2024 Legal Technology Survey found 29% of firms had a breach in the prior year — and the post-incident forensics regularly find the firm thought it had controls it did not. The assessment closes that gap before it matters.

What's included

  • Discovery week (week 1) — interviews with the managing partner, practice administrator, and current IT lead; tenant audit (Microsoft 365 or Google Workspace); endpoint inventory; backup architecture review; external attack-surface scan.

  • Reporting week (week 2) — gap analysis written up against the 2026 cyber insurance attestation, ABA Formal Opinion 477R/512, CCPA/CPRA, and HIPAA where applicable.

  • 25–40 page written report — executive summary for the managing committee, technical detail for the IT lead, and a remediation priority list with cost ranges.

  • 2026 carrier attestation crosswalk — every gap mapped to a specific question on the AmTrust, Beazley, Chubb, Coalition, Corvus, Hiscox, or Travelers attestation form.

  • ABA Rule 1.6(c) and California State Bar guidance review — including AI use, vendor management, and supervision under Rules 5.1 and 5.3.

  • 60-minute findings call with the managing partner and IT lead, with the report walked through page-by-page.

  • No-obligation remediation scope — if the firm wants nicwerks to fix the gaps, we provide a fixed-fee scope. If not, the report is yours and the engagement ends.

For the controls we typically deploy after the assessment, see cybersecurity for law firms and compliance & cyber insurance readiness.

Why law firms choose nicwerks

  • Since 1999, LA-headquartered, law-firm-specific. We do not run this assessment for HVAC companies — only law firms, and we have done hundreds of them across LA County.

  • Free and open to non-clients. No credit card, no contract, no minimum engagement.

  • Defensible written deliverable. A 25–40 page report you can hand to the broker, the managing committee, or your malpractice carrier.

  • No long-term contract if you do choose to engage us afterward.

How long does the assessment take?

Two weeks total — one week of fieldwork (interviews, tenant audit, endpoint inventory, external scan, backup review) and one week of analysis and report drafting. Time on the firm's calendar is minimal: a 60-minute kickoff with the managing partner, a 90-minute working session with the IT lead, brief check-ins as needed, and the 60-minute findings call at the end. Total partner and administrator time over the two weeks is typically four to five hours.

Do we need to be a current nicwerks client?

No. The free security assessment is open to non-clients and is the most common way LA-area law firms first work with nicwerks. There is no obligation to engage us for remediation afterward — the report is yours regardless. About a third of assessment recipients hire nicwerks for remediation, a third take the report and use their existing IT vendor or in-house team to close the gaps, and a third find the gap list small enough to address themselves.

What deliverable do we get?

A 25–40 page written report plus a 60-minute findings call. The report includes an executive summary written for the managing committee, a technical-detail section for the IT lead, a gap list prioritized by risk and remediation cost, a 2026 cyber insurance attestation crosswalk, and an ABA Rule 1.6(c) and California State Bar guidance compliance review. The report is delivered as a PDF with an editable appendix the firm can use directly in its next carrier attestation submission.

Can the assessment satisfy a cyber insurance request?

Yes. The assessment maps every finding to the 2026 carrier attestation questions used by AmTrust, Beazley, Chubb, Coalition, Corvus, Hiscox, and Travelers. Firms with renewal in the next 60 days frequently use the assessment as the document the broker submits alongside the attestation form. The report is independent — nicwerks is the assessor, not the firm's MSP at the time of the assessment, which gives the document a level of independence carriers value.

Start your free assessment

There is no commitment and no fee. You schedule the kickoff, we run the two weeks, you receive the report. From there it is your call.

 
 
 
