SMB1001 Cybersecurity Standard

Strengthen Your Firm’s Cybersecurity with SMB1001

The SMB1001–2025 Cybersecurity Standard gives small and medium-sized practices a clear, achievable framework to strengthen their defences and demonstrate due diligence.

Why QLS Supports SMB1001

Law firms have an ethical duty to take “reasonable steps” to protect the confidentiality of client information and to ensure their systems are as secure against threats and fraud as possible.

However, what counts as “reasonable” can vary widely depending on firm size, resources and the nature of the information held. Stakeholders such as insurers, particular clients and digital platform providers may also have specific requirements that you agree to contractually.

The SMB1001 Cybersecurity Standard has been developed specifically to help small and medium businesses - including law firms - navigate these challenges using a clear, achievable framework for cyber resilience.

By supporting this standard, QLS is helping members take practical steps to:

  • Protect confidential client information
  • Reduce exposure to cyberattacks and fraud
  • Demonstrate due diligence to insurers, clients, and regulators
  • Build trust through verified, proactive cybersecurity practices

Important: Implementing the SMB1001 standard does not create a “safe harbour” or guarantee protection against cyber incidents. However, it does provide a strong, evidence-based foundation for demonstrating that your firm is taking appropriate and reasonable steps to safeguard data and systems.

Benefits for law practices

Adopting the SMB1001 standard delivers several long-term benefits for law practices, including:

  • A clear roadmap for improving cybersecurity, regardless of firm size or technical expertise
  • Efficient use of security budget by focusing on what matters most
  • Access to certification, offering tangible evidence of your firm’s cybersecurity maturity
  • Improved insurability and confidence when working with insurers 
  • Enhanced credibility with clients, courts, and technology partners

How can my firm become certified?

To make implementation simple, an SMB1001 certification subscription is available through CyberCert - an independent certification body.

QLS members can visit the CyberCert website at any time to learn more about the certification process and sign up.

The SMB1001 Tiers

SMB1001 certification is offered at multiple levels, allowing firms to progress at a manageable pace. QLS recommends members work towards achieving Gold certification as a reasonable standard for robust cybersecurity and professional assurance.

Each tier builds on the previous one - improving your firm’s defences, efficiency, and resilience against cyber threats.

Get the right support

For certifications from Silver and above, you will need to work with a provider who is also certified to the same level. You can search for a certified Technical Support Specialist on the CyberCert website.
