Cyber audits have likely never been much of a party for law firms, legal tech vendors and alternative service providers. But with cyber insurers putting even more pressure on organizations to secure critical endpoints, outside partners could find themselves facing the difficult choice between a payday and an increasingly burdensome audit process. 

“We had one law firm—and I’ve never heard of this before—but they had an [audit] questionnaire that was 1,400 questions. … And they said they actually turned down representation. They said, ‘It’s not worth us going through this whole audit,’” said James Merklinger, president of the Association of Corporate Counsel (ACC) Credentialing Institute.