SPONSORED: Why law firms should invest in a cyber incident response simulation

6th July 2026 Written by: Lindsay Hill, solicitor and CEO of Mitigo Cyber Risk Management

Cyber resilience requires firms to have a proven and workable incident response plan that gives them the best chance to survive and recover from a serious cyber breach. This article is aimed at senior leadership teams and those involved in managing risk and compliance, not your IT providers.

An incident response simulation is a structured exercise that walks key decision-makers through a realistic cyber scenario, usually led by an independent facilitator with experience of cyber-attacks. The objective is to test readiness, expose weaknesses, clarify responsibilities and identify gaps in response processes to help the organisation understand the likely operational impact of an incident before it happens. You do not want to be discovering the effectiveness of your plan during a real breach.

Best practice

A cyber-incident response plan gives a business its best chance of containing disruption, making sound decisions under pressure and recovering from an attack. Without a tested plan, organisations are forced to make critical decisions in real time, often when systems are unavailable, information is incomplete and the commercial, legal and reputational stakes are high.

That’s why incident response plans must be tested in real-time and not simply written down. Simulation exercises help organisations identify gaps before a real attack does, including discovering that backups will not restore properly, clarifying who owns staff and client communications, or confirming what external advisers and service providers will actually do in a crisis. They turn a document into something operational.

Compliance requirements

There are also clear legal and regulatory compliance drivers. Data protection obligations under the UK General Data Protection Regulation mean organisations must test, assess and evaluate the effectiveness of their technical and organisational measures. The Information Commissioner’s Office (ICO) has made it clear that this includes testing incident response arrangements and retaining evidence of that testing.

The Law Society of Scotland expects regulated firms, as a minimum, to comply with law and regulation.

The government’s open letter to business leaders, dated 15 April 2026, states that business leaders should plan and rehearse how their organisation would respond to a significant incident and reminds leaders that this is a board-level matter, not an issue to be delegated to the IT team.

The Cyber Governance Code of Practice calls for board executives and non-executives to gain assurance that there is at least yearly testing involving key stakeholders, with lessons learned fed back into the plan and risk assessments.

Bear in mind that in the event of a breach, the ICO will take all such guidance into account when determining the fine.

Key business benefits

There can also be a financial benefit. Some professional indemnity insurers are taking a closer look at whether organisations run regular cyber simulations when assessing risk and setting premiums.

In addition, a simulation will:

• reduce disruption by rehearsing the response before a live incident

• find weaknesses in systems, processes, communications and third-party dependencies while there is still time to fix them

• improve decision-making by giving senior leaders practice in handling uncertainty, time pressure and competing priorities

• clarify roles, escalation routes and reporting obligations across the organisation, and

• support regulatory, governance and insurance expectations with evidence that the plan has been tested.

Lessons from the field

From our experience advising firms, what separates a confident response from a chaotic one is not just whether a firm has a plan, but whether the right people understand it and know their role in it.

The gap between having a plan and being able to execute it is where many organisations struggle during a live incident. There may be uncertainty over who to contact, who owns key decisions or when reporting obligations to the regulators or clients are triggered. Firms that practise their response tend to communicate better under pressure, think more clearly and coordinate more effectively across teams.

Communications planning is one of the most underdeveloped areas we see when organisations run their first incident response simulation. Planning often focuses, understandably, on technical containment and recovery, but decisions about who speaks to staff, clients, regulators and the media are just as important to how an incident is managed and perceived internally and externally.

Firms also often discover that their assumptions about third-party providers are wrong, whether that means unclear responsibilities, slow response times or less support than they believed would be available during a crisis.

Many organisations have no recent evidence that their restoration processes will work at the speed and scale a real incident demands. A backup that has never been tested isn’t reliable; it’s just an assumption. In practice, many backups are not configured correctly and may fail to restore systems quickly, or at all, in an emergency. If backups are not properly separated from the live environment, ransomware may encrypt them too. This is often one of the most significant risks to recovery, with direct consequences for downtime, revenue and reputation.

Cyber incident simulations build organisational muscle memory. When an incident occurs, teams are not starting from zero. They are responding to a situation they have already worked through.

How Mitigo can help

Mitigo provides law firms across the UK with independent and impartial assurance that their cyber risk management is effective, proportionate, and aligned with their regulatory obligations. We do not sell hardware or software.

Our incident response simulations are designed for senior leadership teams. To discuss running an incident response simulation tailored to your firm, get in touch with the Mitigo team.

Written by Lindsay Hill, solicitor and CEO of Mitigo Cyber Risk Management
