Back to Insights
Guides & AnswersCostGuides & Answers
Part of: The Cost of Managed IT Support

How Much Does IT Support Cost for a UK Law Firm in 2026?

James Moore06/07/202611 min read

The short answer

The short answer: a UK law firm should budget £50 to £80 per user per month for properly managed IT support in 2026. Below £40, something your firm needs is almost certainly missing from the contract. Above £100, you are into enterprise legal-specialist territory - real, but more than most small and mid-sized practices need. Microsoft licences are always charged on top. Our own law firm tiers are £60 and £75 per user per month, which puts us, deliberately, in the middle of the market.

How Much Does IT Support Cost for a UK Law Firm in 2026?

Why is it so hard to find IT support prices online?

Most IT companies will tell you that pricing is bespoke and there's no one-size-fits-all. That's partly true: no provider can give you a single number that categorically covers everything your firm might need.

But it's not the whole story. Withholding prices until you've sat through a discovery call and a proposal meeting is, more often than not, a sales tactic. It buys the provider time in the room to sell you on their company before you can compare them with anyone else. We think that's backwards. Buyers today research prices and feature sets themselves before they ever speak to a vendor - and they should be able to.

For context on the wider budget: technology is one of the biggest overheads a law firm carries after people and premises. The Briefing/HSBC UK Law Firm Strategy & Investment Report 2025/26 found firms now plan to spend an average of 6.5% of annual revenue on technology, up from 5.7% just two years earlier; for smaller firms, LPM's research puts the median nearer 5%. Those figures cover software, hardware, licensing and support combined. This guide deals with the managed IT support slice of that budget: the monthly per-user fee you pay a provider to run, secure and support your systems.

Why do law firms pay more than other businesses?

In our experience of pricing both, IT support for a law firm typically costs £10 to £25 per user per month more than the equivalent contract for a general business of the same size. There are three reasons.

A heavier mandatory security stack. For most businesses, tools like endpoint detection and response (EDR), advanced email protection and security awareness training are optional upgrades. For a law firm they are effectively mandatory - your professional indemnity insurer asks for them, your clients' due-diligence questionnaires ask for them, and the SRA expects you to be protecting client money and confidential data with something considerably stronger than antivirus. The threat level justifies it: analysis by accountants Lubbock Fine found 954 UK law firms suffered successful cyber attacks in a single year, a rise of 77% on the year before. Law firms hold exactly what attackers want - client funds in motion and confidential matter data.

Compliance and audit overhead. Law firms need a greater depth of logging, retention and documented evidence than most industries: for Lexcel, for Cyber Essentials, for the SRA, and for the client audits that larger commercial clients increasingly impose on their panel firms. Someone has to configure, monitor and maintain all of that logging and produce the evidence when it's asked for. That someone is your IT provider, and the workload is priced in.

Practice management software support. Systems like LEAP, Clio, Osprey and Proclaim need a deeper level of support than a generic CRM. The integrations, the document workflows, the accounts modules and the way they connect to Microsoft 365 all require industry knowledge that a general helpdesk simply won't have. Training engineers to support legal software properly costs money, and firms benefit from it every time a ticket is resolved without "you'll need to log that with your software vendor."

Why do quotes vary so much between providers?

When you get three quotes and they're £35, £65 and £120 per user, the difference usually comes down to three things.

Sector specialisation. Providers who work exclusively with law firms charge a premium for it. Their whole team is trained on legal software and legal compliance, and they've built a reputation in the sector that lets them price accordingly.

Scale and scope. Larger MSPs carry senior security engineers, service managers and out-of-hours cover - real overheads that show up in the price. Very small IT companies of one to five people have low overheads and can charge much less, and many are excellent. The honest risk with the smallest providers isn't competence, it's capacity: if your 30-user firm onboards with a two-person operation, you're betting on their ability to hire and train fast enough to keep up when several things go wrong at once. More importantly, price band is really about scope rather than provider size - as you'll see below, one of the cheapest published rate cards in the UK belongs to a large national MSP. At the bottom of the market, it's not the provider that's small. It's the service.

Certifications and security posture. Cyber Essentials, Cyber Essentials Plus, ISO 27001, penetration testing, third-party audits and tested disaster recovery all cost real money to obtain and maintain - both in certification fees and in the staff time to run the audit cycle every year. Providers who invest in this charge more. What you get back is verification: this is a company handing you evidence, rather than assurances, that it can be trusted with access to every system and every piece of client data you hold. Providers who skip it can undercut on price precisely because they don't carry that overhead. Given what your IT company can see and touch, that's a saving worth questioning.

The three price bands - with real published prices

£25–£40 per user per month: basic managed IT. This buys remote helpdesk, patching, antivirus and Microsoft 365 administration. What it typically doesn't buy: a proper security stack, guaranteed response times, or anyone who has heard of the SRA Accounts Rules. The small print matters more than the headline in this band. The HBP Group, a long-established national MSP, publishes a tier at £41.67 per user per month - server monitoring included, with cyber security, licences and disaster recovery priced separately, which is exactly how this end of the market works. Add back the pieces a law firm can't skip - managed detection, identity monitoring, awareness training - and you're in the mid-£50s and climbing before you've bought a single licence. A cheap headline price isn't a cheaper service; it's an incomplete one, and completing it costs mid-market money anyway.

£50–£80 per user per month: the mid-market - where most law firms should be. This is the band for providers with real security credentials and genuine legal-sector experience, and it's the best-corroborated range in the market. Initial IT publishes tiers at £47, £67 and £107, describing the £67 tier as right for most growing firms; several published UK market guides put the national average for standard managed support at £65–£75 per user. At this level you should expect a full security stack, SLA-backed response, and engineers who know their way around your practice management system.

£100–£175 per user per month: enterprise and City legal specialists. Techsperience, a legal-sector IT provider covering London and the South East, states that most law firms pay £100–£150 per user per month at this end of the market. Initial IT's top published tier lands at £107. Above £150 you're generally paying for 24/7 operations and heavy regulatory requirements. This tier exists for a reason - dedicated security operations centres, enterprise compliance depth, teams built entirely around large firms - but for a 10–40 person practice it's usually overkill rather than off-limits. Worth knowing: many providers at this end publish no prices at all and will only quote after a consultation and audit. You now know roughly what the number will be.

All external prices checked 3 July 2026. Pricing pages change - one provider's headline price moved the day before we checked it - so treat every figure, including ours, as "correct at time of writing."

What should be included in the monthly price?

These items belong inside a proper managed service fee. If a quote treats them as billable extras, that's how a £35 proposal becomes a £70 invoice:

  • Unlimited remote helpdesk during business hours, with SLA-backed response times in writing

  • Device management, patching and lifecycle tracking across laptops, desktops and mobiles

  • Microsoft 365 administration - user setup, security configuration, and the tenancy actually being looked after rather than just existing

  • Endpoint detection and response (EDR) as a minimum - plain antivirus at these prices is a warning sign

  • Email security: spam filtering, impersonation and phishing protection

  • Microsoft 365 backup - most firms assume Microsoft backs up their email and documents; it doesn't, not in the way you'd need after a ransomware incident or malicious deletion

  • Starter and leaver management, including the offboarding discipline that keeps showing up as the weak point in SRA and ICO enforcement cases

  • Vendor liaison with your case management provider - LEAP, Clio, Osprey, whoever - so "log a ticket with them, not us" doesn't happen

  • Quarterly service and strategy reviews

What's normally charged on top?

Every provider structures these as extras, so check each one when comparing quotes - this is where a cheap-looking proposal quietly becomes an expensive one, and where a dearer proposal sometimes turns out to be the better value because more of what you actually need is already in it:

  • Microsoft licences - almost never included in headline support prices, ours included. For most law firms the right plan is Microsoft 365 Business Premium, £18.10 per user per month at retail, because it carries the security controls the rest of this article assumes. Check every quote for two things: a separate licence line, and which plan it's priced on. A £40-per-user proposal is really £58 once proper licences are added - and if it only looks cheap because it assumes a lesser licence, it isn't cheap, it's underspecified.

  • Managed detection and response (MDR) - 24/7 human security monitoring, typically £5–£10 per user as an add-on. Increasingly required by cyber insurers. (Included in our tiers - see below.)

  • Identity threat detection and response (ITDR) - monitoring for compromised Microsoft 365 accounts, typically £3–£5 per user. The fastest-growing attack route against law firms. (Also included in ours.)

  • Security awareness training and phishing simulation - £2–£4 per user, and now a standard question on insurance renewals.

  • Cyber Essentials certification - a fixed project cost rather than a monthly fee: the certification itself runs roughly £320–£600 depending on firm size under IASME's tiered pricing, with Cyber Essentials Plus audits broadly £1,400–£2,500, plus whatever remediation work the assessment surfaces.

  • Out-of-hours support - either a premium tier or per-incident billing. If your firm does property work, ask specifically about Friday afternoon cover; completions don't wait for Monday.

  • Business telephony - separate, usually £10–£20 per user depending on platform.

  • Projects - migrations, office moves, server replacements. Always quoted separately, and rightly so; a provider who claims projects are "all in" has priced them into your monthly fee whether you use them or not.

  • Hardware - always separate.

What should your firm actually budget? Two worked examples

A 10-person firm (say eight fee earners and two support staff) at mid-market rates: £500–£800 per month, or £6,000–£9,600 a year, plus Microsoft licences (£181 a month for ten Business Premium seats). To put that in perspective, a fee earner charging £250 an hour covers the firm's entire monthly IT support bill in about three hours of billed work.

A 40-person firm across one or two offices: £2,000–£3,200 per month, or £24,000–£38,400 a year, plus licences (about £724 a month on Business Premium). That's a real line in the P&L - and still small next to the cost of getting it wrong. When Tuckers Solicitors was hit by ransomware, the ICO fine alone was £98,000, before counting the downtime, the incident response, the insurance excess and the client damage. The ICO's findings read like a checklist of corners cut: no multi-factor authentication on key systems, a critical security patch left unapplied for over four months - and the firm had been assessed against Cyber Essentials before the attack, and failed. The gap between adequate and cheap IT support is a rounding error against one bad fortnight.

Where we sit - and exactly what we charge

Genmar sits firmly in the middle of the market, on purpose. We're a medium-sized MSP of around 30 staff, including specialist security engineers. We hold ISO 27001 and Cyber Essentials certifications. We've worked with law firms for years, but we're not a 100% legal specialist - we support other industries too, and you should know that when you're comparing us against the legal-only providers in the top band.

Our law firm tiers are £60 and £75 per user per month. Both include, as standard:

  • 24/7 security operations centre managing detection and response on every device and every Microsoft 365 identity - MDR and ITDR included, not sold as add-ons. This is the capability much of the £100+ tier is charging a premium for.

  • Support to fixed, written SLAs - with automated service credits when we miss them, applied without you having to ask

  • 24/7 remote support

  • Full security maintenance: patching, email protection and Microsoft 365 backup

  • Strategic planning through your account manager, with quarterly compliance reviews

  • Cyber Essentials preparedness for your firm, so certification is a formality rather than a scramble

Full tier details are on our pricing page. Microsoft licences, telephony and projects are charged separately - the same rules we've told you to hold every other provider to.

Frequently asked questions

Why won't most IT companies publish their prices? Partly because pricing genuinely varies with your setup - but mostly because unpublished pricing forces you into a sales meeting before you can compare providers. The information advantage sits with them, not you.

Are Microsoft licences included in per-user support prices? Almost never, from any provider. For most firms the right plan is Microsoft 365 Business Premium at £18.10 per user per month, and every quote should show the licence line as a separate item.

Does a small firm need 24/7 support? A business-hours helpdesk is fine for most firms - but security monitoring must be 24/7, because attackers deliberately work evenings, weekends and bank holidays. Those are two different things; make sure a quote isn't blurring them. If you do conveyancing, ask about Friday cover specifically.

What about our case management software? Proper legal-sector support includes first-line help and vendor liaison for your practice management system. If a provider's answer to every LEAP or Clio issue is "contact your software vendor," your fee earners will be the ones sitting on hold.

Is £30-per-user IT support ever the right choice for a law firm? As a fully managed service, we'd say no - the security and compliance layer a firm needs simply doesn't exist at that price. Where it can make sense is co-managed support alongside an internal IT person, where you're buying capacity rather than the whole stack.

 

Part of our pillar guideThe Cost of Managed IT Support

Need help with your IT?

Our team of UK-based IT experts are ready to help your business thrive. Get in touch for a free, no-obligation consultation.