Once a law firm’s chief financial officer, chief operating officer and chief information officer tended to stay in their own lanes. Today there’s far more cross-traffic. The need for a comprehensive information security strategy, for example, is now as much of a financial and operational issue as it is one for a CIO.
That’s why the theme of the upcoming 7th Annual Law Firm CFO/CIO/COO Forum is Time & Tide: Evolving Law Firm Leadership to Meet New Challenges. The Forum, which is being held in New York City on June 15, should interest anyone working in these three sectors, as cross-pollination of ideas is increasingly important. “You cannot survive in a vacuum,” said Kermit Wallace, CIO at Stroock & Stroock & Lavan LLP, and an event co-chair.
“You can’t ignore cybersecurity anymore. And you can’t hang your hat on saying ‘We’ve adopted best practices.’ Those might not be applicable tomorrow.”
For example, cybersecurity issues now affect all of the C-suite. The Forum’s lead-off session, A Rumor of War: Regulation, Revelations & the State of Cybersecurity in 2017, will drill down on this subject intensely. Moderated by Zeichner, Ellman and Krause’s cybersecurity expert Daniel Garrie, the panel will include Zachary Goldman, executive director of the Center on Law & Security at NYU School of Law; Gabriel Taran, Assistant General Counsel for Cyber and Infrastructure Programs at the Department of Homeland Security; Timothy Murphy, president of Thomson Reuters Special Services; and James Quinn, head of architecture at Infotecs Americas.
As late as three years ago, “you could probably count on one hand the number of [law] firms that had a distinct and separate information security department, focused on cybersecurity issues. Now that’s the new normal,” Stroock & Stroock’s Wallace said. A data breach that woke up many clients was the hack of Target in 2013, he said, which “affected people across the country in every socioeconomic stratum. It made clients say, ‘This is serious stuff.’”
“Clients asking, ‘Could that happen to us?’ was the most consistent question we got.”
Clients are looking for their law firms to take the lead on cybersecurity, and firms “have had to adapt quickly to the data protection needs of their clients,” he said. “Clients are asking: can you advise us on what regulatory requirements are? Can you provide guidance on what we should be doing to be compliant?” Even client-law firm communications have changed, he explained, adding that it wasn’t that long ago when it was routine for a client to send documents by email or put them into a lawyer’s personal Dropbox account. Today, this process usually entails using a secure platform for filesharing with restricted access to it.
“You can’t ignore cybersecurity anymore,” Wallace noted. “And you can’t hang your hat on saying ‘We’ve adopted best practices.’ Those might not be applicable tomorrow.”
Wallace will moderate the panel, Exploring Future Drivers of Change in Legal Services — Defining Client Expectations, in which GCs, CLOs and business development leaders from Anheuser-Busch InBev, Intelliteach and Betterment will talk about developments in technology, regulations and the tumultuous socioeconomic landscape that could shake up the legal market in the coming year. Of these topics, regulations could have the most resonance for Forum attendees. “Regulations can stymie or accelerate technological change,” Wallace said. “And regulations can create socioeconomic turmoil. Different sovereignties with different sets of regulations and different implementations within their own borders can be a recipe for discord.”
Another panel concerns Big Data in Practice: Evolving Law Firm Business Analytics in the Information Economy, which will address trends in big data management from the C-suite perspective. One component of this vital issue is that while there’s an assumption of standardization in terms of data management across the legal industry, that’s often not actually the case — law firms collect and analyze data in different ways.
“That’s what makes the big data discussion very interesting,” Wallace added. “How are firms going to address the collection and analysis of big data, when how they’ve looked at their operating data points in the past has been so unique to each firm?”