When Worlds Collide

Media attention to data breaches has thrust them into prominence in the eyes of the public, among executives, and in board rooms. This new level of visibility has spurred legislation and required lawyers inside law departments and at law firms to team up with IT professionals. Lawyers and computer security professionals agree that cybersecurity is a matter of critical importance to all businesses.

The well intentioned yet marginally effective plethora of “Governance, Risk, and Compliance” (GRC) regimes have created volumes of documentation and checklists, all in a nominal effort to regulate the security that businesses implement within their organizations. Teams of risk professionals and lawyers have tried to understand what these standards are meant to accomplish, how they are supposed to be implemented, and how to best position their clients to demonstrate their compliance. However, these regimes have failed to keep their disciples safe from cyber criminals. Ask any security professional why, and they will point out that standards devoid of strategy will never ensure security.

Lawyers do need partnerships with cybersecurity professionals. There are more companies in this space than ever, but selecting one is a complex process. Keep in mind that any team or organization is only as good as the people with their fingers on the keyboard, so make sure you actually evaluate the practice leaders, and make sure they have the education, experience and expertise that are going to be necessary.