Updated: Apr 27
Data breaches seem to always bee in the news, so it should come as no surprise that each year the number of cybersecurity incidents impacting the legal industry continue to rise.
“According to IBM, the average total cost of a data breach is 3.86 million USD.”
As a result, legal teams, especially corporate counsel, are facing ever increasing responsibilities establishing organization-wide cybersecurity policies, practices, and platforms. This according to both the Association of Corporate Counsel's 2020 State of Cybersecurity Report and, anecdotally, what we here at MIlyli have heard from our customers over the last year and a half.
According to interviews conducted by Law.com, leaders across the industry are seeing vastly increased need for additional training, further compliance awareness, and additional familiarization with common cyber attacks like ransomware.
“Cybercriminals exploited the pandemic to attack vital institutions, such as hospitals and schools. And, as 2020 comes to a close, we are learning of cyberattacks on prominent organizations thought to have the most robust cybersecurity programs.
Leaders in the industry continue to advocate for the hiring and staffing of attorneys who focus on cybersecurity. Additionally, according to the ACC report referenced above, over half of Chief Legal Officers interviewed said they expected growth in cybersecurity requirements for their position to grow. This report also highlights the increasing demands for cybersecurity as an area of expertise for new hires and expected team growth on corporate legal teams.
Realistically, legal specialists like this aren’t going to flood the market tomorrow. This type of cybersecurity specialty takes time to permeate industry standards and modalities of professional education.
What can teams – especially those in corporate counsel – do in the meantime?
Outsourcing or co-managed options is the safest, most reliable way to comply with any standards, but also uncover the necessary best practices your organization needs. This can come in the form of contracted work or by the use of technology to further mitigates risk.
It is not “laziness” or “carelessness” as we typically understand those traits that often cause breaches, leaks, or threats from cybersecurity vectors. It’s just a lack of know-how – and sometimes the use of tools built by people without the know-how.
With any area of eDiscovery or eDisclosure, there is just a considerable amount of expertise required to properly remove the hidden or hard to find information embedded deep within documents. Milyli works with documents containing sensitive information a lot.
And we do a lot of redactions – approximately 1.4 billion and counting to be specific. One of the most common uses of our software, Blackout, is anonymizing Excel documents and PDFs. Commonly used in CCPA requests, DSARs, and FOIA requests, Blackout is used to locate sensitive information throughout these document types and de-identify it or black it out entirely.
Missing or improperly redacting documents was a problem even at the highest levels of government. Solutions need to navigate the trickiest parts of redaction and eliminate easy-to-make mistakes. Whether it's disconnecting remote data sources that regenerate Excel table data or surfacing hidden files embedded deep within a PDF, it’s extremely important to have someone or a piece of technology that can take care of the edge cases of native markup.
The pace at which the legal industry continues to issue and require more sophisticated cybersecurity compliance is a challenge. However, it’s exciting to see emerging roles and responsibilities emerge from them. For the Milyli team, it’s exciting to develop problem-solving solutions that will address needs in their absence and hopefully become an essential part of their toolkit down the road.
We would also love to hear your thoughts on the future of secure and safe redaction.
Reach out to us at blackout [at] milyli [dot] com for more information or to have a conversation with us about how Blackout might help with your redaction workflows.