Legal, Accounting & Advisory
The work is good. The client wants proof you can protect it
Security support for NZ law firms, accountants, and advisory practices — written for the 5:52pm trust-account instruction, the senior partner who still forwards files to Gmail, and the Law Society question that needs answering in one sentence.
Sector Reality
The question a customer or insurer asks before the deal
It rarely starts with a breach. It starts with a client's counsel asking who has seen the engagement file outside the partner group.
Waiting costs more in professional services. A client confidentiality query becomes a legal hold. A PI insurer renewal becomes a higher premium with a new carve-out. A Law Society or CAANZ complaint becomes an investigation. Every week of waiting narrows the options for closing it cleanly.
Common Pressure Points
Where the questions cluster before the deal lands
Where the client, the PI insurer, the managing partner, and the practice manager all ask for proof of who has touched the file
The senior partner still forwards client files to his personal Gmail from the Koru Lounge
He's been doing it for twelve years. The phone looked off, the firewall was tight, and the client was about to board a plane. Every firm has one partner who treats security rules as optional, and every firm's lawyers know exactly who he is. When his account gets compromised, the privileged data goes with it — and the client finds out before you do.
A 'change of solicitor' email asks you to redirect the settlement funds
It's carefully written. It has the right names, the right matter number, and enough context to look normal. NZ firms lose six figures to this attack every year, and Law Society discipline doesn't forgive 'we didn't know' — especially on trust-account money the firm was holding for a client.
Who owns security in the firm? How fast can you say?
If the Law Society, Chartered Accountants ANZ (CAANZ), or a regulator asked right now who in the firm owns information security and decides what happens when something goes wrong, most firms would have to go and think about it first. That hesitation is the finding. The answer is meant to be ready, attached to a named person with authority.
The trust-account instruction arrived at 5:52pm on a Friday
It's the moment the attack is designed for. The partner is travelling, the support staff are closing out the week, the money is waiting. Without a two-person sign-off rule and a cooling-off window, a single spoofed instruction can move six figures out the door before anyone comes back to work on Monday.
Standards That Apply
The evidence that ends the questionnaire loop
Common obligations and buyer expectations
Relevant Services
First month: baseline, ownership, and one piece of evidence
The first move: a client-file access register, a tested legal-hold response, and one piece of evidence for the next PI renewal or CAANZ review
Track The Suppliers That Could Expose The Business
Track supplier security risk in one place so onboarding, renewals, and exceptions stop living in scattered emails and spreadsheets.
Stop rewriting the same questionnaire for every deal
Answer customer and partner security questionnaires without slowing deals down or rebuilding the response every time.
Stop Maintaining Policies Nobody Actually Reads
Put the policies the business actually needs in place, keep them current, and stop policy work turning into an annual scramble.
Pass The Insurance Renewal Without A Three-Week Scramble
Prepare the business for cyber-insurance applications and renewals with clearer control evidence, cleaner questionnaire answers, and fewer surprises from underwriters.
See What Information Runs The Business
Know which information loss would hurt first, who owns it, and where it sits before security, privacy, or continuity decisions get made in the dark.
Know Who Gets Told, When, And What, The Moment A Breach Hits
Get the business ready to respond to a privacy breach with a practical plan, decision guide, and rehearsal before the real call comes in.
Questions We Hear
The questions every discovery call opens with
We're a small firm — can we really afford dedicated security support?
Business email compromise stole $152.6 million from Australian organisations in FY2024 alone — a 66% increase — with professional services among the top targets. In NZ, a single firm (ACK Contractors) lost $668,000 to invoice fraud. A trust account compromise or client data breach can cost more than years of consistent security support. Support starts from $1,750 a month — a fraction of a single incident, and far less than the professional indemnity consequences of a preventable breach.
Our IT provider already handles our security — isn't that enough?
Your IT provider keeps your systems running, and they're good at it. But legal privilege, Law Society expectations, security questionnaire responses, policy work, and Privacy Commissioner breach readiness aren't IT tasks. They sit outside what your IT provider is hired to do — and they're exactly what clients and regulators ask about.
We haven't had a security incident — why invest now?
Invoice-redirect fraud is the number-one attack vector targeting professional services globally, and NZ small businesses are already reporting cyber threats at scale. Your largest clients aren't waiting for you to have a breach — they're sending security questionnaires now. Firms that can't respond credibly are already losing work to firms that can. The investment isn't about reacting to an incident; it's about keeping and winning client relationships.
Will this help us respond to client security questionnaires?
Yes — that's one of the most immediate benefits. Our Security Questionnaire Response Engine gives you a maintained library of evidence-backed answers you can deploy when clients or prospects send due diligence requests. Most firms go from dreading these questionnaires to completing them in hours instead of weeks.
What Usually Happens Next
Have the proof ready before the next corporate client or trust-account email asks for it
If client questionnaires, a trust-account scare, or a Law Society expectation is already pulling partner time, we'll help you sort what to document, who owns it, and what can be reused — so the next request is an hour of work, not a fortnight of scramble.