SECURING THE LAW FIRM
26th January 2023 • Park Plaza Victoria, London, UK
The growth of emerging legal technology and increased outsourcing mean additional challenges for CISOs
Costs versus risks – a difficult conversation?
One recent Gartner survey predicts that legal departments will increase their spending on technology threefold by 2025. This spend will buy workflow and automation tools, contract lifecycle management systems, legal applications on top of business application platforms like Microsoft, SAP, Salesforce and ServiceNow, and the adoption of non-legal-specialist technology applied to legal challenges using artificial intelligence (AI), ML, advanced analytics, process automation and other emerging technologies.
Law firms are also increasing their use of Alternative Legal Service Providers (ALSPs) to effectively outsource routine services such as document review, contract management, litigation support, discovery and electronic discovery, investigation support and legal research, IP management and even analyzing financial transactions as a component of corporate merger due diligence operations.
And of course, both the new technologies law firms are buying and the outsourcing partners they are using rely upon huge volumes of data exchange and, usually, the Cloud. ALSPs also tend to use off-shore outsourcing and web-based services.
The growth of emerging legal technology, the use of ALSPs and reliance on Cloud all have security implications. At the same time, the current economic and geopolitical turbulence is making law firms an even more attractive target to traditional and nation-state attackers. So:
• How are legal cybersecurity professionals coping with the expansion of the attack surface via new tech and outsourcing?
• How are they ensuring third-party security with regard to ALSPs?
• How are they building in resilience against Cloud outtages that can affect all elements of their business processes and even their SaaS cybersecurity vendors?
• And how are they progressing with the core cyber hygiene we all struggle with around hybrid working, email security, ransomware, patching and IDAM?