P2P

Winter25

Peer to Peer: ILTA's Quarterly Magazine

Issue link: https://epubs.iltanet.org/i/1542659


Page 28 of 66

BUILD A CULTURE OF VIGILANCE

Both law firms and in-house legal teams are now judged not just on legal skill, but also on their ability to protect highly sensitive data. Research shows that roughly one in three law firms will be targeted by a data breach this year, with the average incident costing over five million dollars. Even more troubling, 63% of those breaches trace back to third-party vendors or partners, making external risk management as important as internal controls.

Law Firms

Clients are sending increasingly detailed security questionnaires and often require contractual proof of your security controls, including documentation on vendor oversight.

Corporate Legal Departments

Boards and nonlegal business leaders expect you to uphold or exceed the security standards that govern the rest of the organization. There is often a need to oversee both your internal systems and the security practices of your outside counsel and legal technology vendors.

Action Steps

Map every touchpoint where client or company data exchange occurs, internally and externally. Ensure that the appropriate levels of protection (e.g., encryption or access controls) are in place at each touchpoint. Designate security champions on both legal and business teams to bridge communication gaps and remediate any gaps in protection. Create open channels with IT and compliance, ensuring you receive alerts about new risks and best practices.

TURN COMPLIANCE INTO A COMPETITIVE ADVANTAGE

Regulations, including HIPAA, GDPR, CCPA, and more, dictate how legal organizations handle information. But the best law firms and legal departments go beyond the minimum, positioning compliance as a value proposition and a reason for clients or the C-suite to trust them.

Law Firms

Highlight a culture of compliance in RFPs, outside counsel guidelines, and pitches. Clients increasingly differentiate between firms based on their ability to manage risk and share audit documentation.

Legal Departments

Be the compliance role model for your company. Demand documentation from outside counsel and review every supporting vendor for regulatory gaps. For example, when working internationally, confirm GDPR controls at every stage. Do not just rely on a signed
