
Services & Pricing

Productized packages, not consulting hours.

Partners and administrators need to predict the expense and the timeline. Every offering below is a fixed-fee package, a per-seat license, or a monthly retainer. Annual billing, calendar-year-aligned by default.

Bundled tiers

Pick the anchor that fits your firm.

1–10 attorneys

Solo & Small Firm

$4,800 / year

Up to 15 staff + each household

Risk Assessment · WISP · one OCG/questionnaire response/yr + reusable library · awareness training (15 seats) + monthly phishing · trust-account wire-fraud controls · free triage · household coverage.

Most popular

11–50 attorneys

Mid-Size Firm

$12,000 / year

Up to 60 staff + each household

Everything in Solo & Small · up to 3 questionnaire responses/yr · one tabletop/yr · 8 hrs incident advisory/yr · quarterly review with managing partner + MSP · Breach Readiness Pack.


51–100 attorneys; multi-office

Regional / Large Firm

From $24,000 / year

Up to 120 staff + each household

Everything in Mid-Size · unlimited questionnaire responses · two tabletops/yr · priority incident advisory · monthly reviews + management-committee briefings + SOC 2 readiness · per-office vendor/co-counsel reviews.


Available add-ons

IR Retainer

From $6,000 / year

Named on-call IR lead, SLAs, quarterly drill, annual tabletop, Opinion 483 guidance.


vCISO

From $1,500 / month

Ongoing security oversight, quarterly partner reviews, MSP coordination, audit-prep.

What’s not included at any tier

  • No legal advice. We are a security advisory and incident-response-readiness service, not a law firm. Nothing we provide constitutes legal advice, and engaging us creates no attorney-client relationship.
  • Forensic investigation, malware reverse-engineering, and litigation-grade evidence collection (we coordinate with a DFIR partner when needed).
  • Custody of client data, trust funds, or original incident evidence.
  • 24×7 SOC monitoring (referred to a partner when required).
  • Bar-counsel representation, malpractice defense, or any regulator-facing legal filings.

All prices USD. Annual billing, calendar-year-aligned by default. No per-seat metering inside the listed staff caps.

What’s included

Four pillars, across every tier.

  • Risk assessment & client readiness

    The hook pillar. Outside Counsel Guidelines responses are the wedge — a recurring, revenue-threatening event that pulls the firm into the full assessment.

    • Firm Security Risk Assessment (CIS v8.1 / NIST CSF)
    • Outside Counsel Guidelines & questionnaire response
    • Written Information Security Program (WISP)
    • Cyber & LPL insurance application support
    • Trust-account wire-fraud control setup
  • Security awareness for legal staff

    Generic phishing training fails legal staff. We use the lures legal staff actually see — wire-instruction changes, fake e-filing notices, opposing-counsel impersonation.

    • Legal-staff awareness program
    • Phishing simulation with legal-realistic lures
    • Wire-fraud-specific staff training
    • Practice-area add-ons (real estate, PI, estate, CJIS)
  • Incident response & breach readiness

    Sold as a retainer because the value is in availability. Firms that buy IR after the wire has left pay far more and often miss the recall window.

    • Named on-call IR lead with 2-hr business SLA
    • Tabletop exercises tuned to firm systems
    • Breach Readiness Pack (notification templates, runbooks)
    • Opinion 483 notification guidance
  • Managed security / vCISO

    Ongoing security oversight without an in-house hire. Monthly retainer with quarterly partner reviews and MSP coordination.

    • Quarterly review with managing partner & MSP
    • WISP kept current, OCG response support
    • Management-committee briefings
    • Vendor / co-counsel risk review

Personal coverage for every attorney’s household. Included.

Attorneys and staff go home as elevated identity-theft targets — high income, public bar records, a target-rich employer. Personal-tier HackFirstAid is bundled into every paid firm subscription at no extra cost, for every named person’s household. It is the same model that boards, leadership, and medical subscribers have had since day one.

Free, always available

Triage is free.

If you think you have an incident — especially if money has just moved — the first call costs nothing.


HackFirstAid for Law Firms

The first hour after an incident decides whether your firm keeps the client's money, the client's secrets, and the client's trust. We walk firms through it in plain language.

Advisory, training, and incident response — not legal advice. Reading this site creates no attorney-client relationship.

© 2026 HackFirstAid. All rights reserved.