Skip to main content

Security outcomes for small professional services firms

Anonymized examples of how Battice Systems engagements work in practice — what the client situation was, what was done, and what changed.

Law Firm · 14 Attorneys · Chicago

From undocumented environment to passed cyber insurance audit in 11 weeks

The situation

A 14-attorney litigation firm in Chicago had never failed a cyber insurance questionnaire — because they had never fully completed one. Their prior carrier used a simplified application. At renewal, they were moved to a standard application by a new underwriter and couldn't answer the MFA enforcement, EDR coverage, and backup restore questions with any documentation. Their broker referred them to Battice after the carrier flagged the gaps.

What was missing

  • No MFA enforcement documentation — policy existed, no evidence it applied to all users
  • EDR deployed by IT vendor but no coverage report or alerting confirmation on file
  • Backups running but immutability not configured and no restore test in 18 months
  • No incident response plan
  • No written IT documentation — no network diagram, no device inventory

What Battice delivered

  • MFA enforcement audit and Conditional Access configuration documentation
  • Coordinated with existing IT vendor to produce EDR coverage report
  • Backup immutability configured and restore test scheduled and documented
  • Written incident response plan with tabletop exercise notes
  • Network diagram, device inventory, and access documentation package

Outcome

The firm submitted their renewal application with a complete evidence folder eleven weeks after engagement start. The carrier issued coverage without a premium increase. The managing partner noted that the documentation package also satisfied a client due diligence request they received two months later.

11 weeks

Intake to audit-ready

Tier 1 → 3

Services engaged

0%

Premium increase at renewal

Solo MSP · 3 Technicians · Dallas

Documentation baseline built for 22 client sites before a planned exit

The situation

A three-technician MSP in Dallas was preparing for a partial exit — the owner planned to transition day-to-day operations to a partner within 18 months. During preliminary conversations with a potential acquirer, due diligence revealed that 19 of their 22 client environments had no formal documentation. The deal was paused pending documentation.

What was missing

  • No network diagrams for 19 of 22 client sites
  • Device inventories existed only for 3 clients, all over 2 years old
  • Credentials stored across multiple technicians' personal password managers
  • No SOPs or runbooks — environment knowledge was entirely tribal
  • No change log across any client environment

What Battice delivered

  • Full documentation package for all 22 client sites over 14 weeks
  • Network diagrams, device inventories, and access maps per site
  • SOP library covering the 6 most common procedures across the client base
  • Runbooks for internet-down, firewall-reset, and server-recovery scenarios
  • Documentation stored in client-accessible Hudu instance

Outcome

Due diligence was completed and the transition moved forward. The incoming partner noted that the documentation allowed them to support three client emergencies during the transition period without escalating to the outgoing owner. The MSP also reported a reduction in ticket resolution time as new technicians could reference runbooks rather than reconstructing procedures from memory.

22

Client sites documented

14 weeks

Full engagement duration

3

Emergencies handled without escalation

Accounting Firm · 8 Staff · Phoenix

Phishing click rate reduced from 34% to 9% over three months

The situation

An 8-person accounting firm in Phoenix had experienced a business email compromise attempt that nearly resulted in a $40,000 wire transfer to a fraudulent vendor. The wire was caught by their bank's fraud team at the last step. The managing partner wanted to understand their phishing exposure before renewing cyber insurance, which now required documented security awareness activity.

Starting state

  • No prior phishing simulation had been run
  • No formal reporting mechanism — staff had no clear procedure if they suspected a phish
  • Security awareness training last conducted two years prior (lunch session, no documentation)
  • First simulation click rate: 34% — 3 of 8 staff clicked

Three months later

  • Click rate: 9% — 1 of 8 staff clicked in month three (different staff member each time)
  • Report rate: 38% — staff using the Outlook report button introduced in month one
  • Managing partner debriefed staff after each simulation — cited as the primary driver of improvement
  • Insurance renewal submitted with three months of simulation results as evidence

Outcome

The insurance renewal was completed with the simulation results as the primary evidence of security awareness activity. The carrier also asked for MFA documentation — which the firm could produce because MFA enforcement was completed as part of the Baseline Security engagement. Coverage was renewed without an incident surcharge despite the prior BEC attempt.

34% → 9%

Click rate over 3 months

38%

Report rate by month three

$0

Incident surcharge at renewal

Want to see how this applies to your firm?

A 30-minute consultation is enough to assess your current state and identify the right starting point.

Book a free consultation