Supply chain risk management in law firms: getting started and practical guidance

Whitepaper

Law firms are no stranger to attacks on their supply chain where the intended target is often a lawyer, staff member or client. If businesses, including law firms, suffer a data breach due to their own, or that of their sub-contractors, mishandling of data, it can result in significant client / business loss, reputational damage and significant financial impact.

November 2, 202112 mins
Coworkers talking and looking at a tablet

Executive summary 

Law firms are no stranger to attacks on their supply chain where the intended target is often a lawyer, staff member or client. If businesses, including law firms, suffer a data breach due to their own, or that of their sub-contractors, mishandling of data, it can result in significant client / business loss, reputational damage and significant financial impact. According to the Ponemon Institute’s “Cost of a Data Breach Report” published by IBM Security, the average cost of a breach in 2020 was $3.86 million. This is not insignificant even for the largest law firms. In addition to security, as well as risk and reputational brand management, law firms are now subject to various supply chain requirements from clients, including equity, resiliency and social responsibility.

The primary factors driving law firms to adopt Supply Chain Management programs included in this paper are: 1) Client Information Governance Requirements “CIGRs” (outside counsel guidelines “OCGs”, master service agreements “MSA”, collectively “Agreements”) that not only require the firm to adhere to the client’s security standards, but require the firm to pass those provisions down to any third or fourth parties engaged, 2) domestic and international data privacy laws and regulations, including GDPR and CCPA/CPRA, 3) industry regulatory requirements if your firm is considered a governmental, health care or other specialized industry contractor, and 4) insurer requirements relating to your Supply Chain Management as part of the underwriting questionnaire for cybersecurity coverage.

We also address key areas of Supply Chain Management with a particular focus on risk management related to information governance. We look at who in your firm can serve critical roles aligned with risk operations, and finally, we address contracting points, tools and processes to best protect you, your clients and the industries involved.

To read other reports written by the law firm Information Governance Symposium, please visit: symposium.ironmountain.com