Much ink has been spilled in recent years about information security, hacker exploits and hardware and software products used to thwart hackers. Not a single day goes by without news pertaining to the discovery of vulnerabilities in the software we use and cherish, and to hacker exploits affecting the companies we use in our daily lives. Compromises at JP Morgan Chase, Target, Home Depot, Ebay, Adobe and Apple, to name a few, have led to the leakage of hundreds of millions of records. These infractions lead to billions of dollars of aggregated losses and can be financially devastating to an organization. A 2014 study by the Ponemon Institute, for example, puts the cost of the average data breach at $5.9 million dollars and the cost per record of a breach in the U.S. at over $200. See, “2014 Cost of Data Breach Study: United States (May 2014).”
The legal industry has been a late comer to the information security frenzy, but the situation has changed over the last 18 months, driven by corporations’ realization that law firms and the legal ecosystem orbiting around them has access to some of their most sensitive data. This realization triggered a series of security audits targeting law firms and, in some cases, e-discovery vendors. Corporations spend millions of dollars on information security to build a defensive dome around their data (JP Morgan, for example, announced to its shareholders that it spent $250 million on information security in 2014), and their angst about the safety of that data when it resides on third-party networks is therefore understandable.
