Evolving Trends in Third-Party Risk Management for Law Firms

Summary

In this conversation, Greg Chan, retired senior manager of cybersecurity for Paul Hastings, discusses the emerging themes and risks in the legal industry, particularly in the area of vendor risk management. He highlights the growing focus on third-party risk and the challenges law firms face in ensuring the security of client data. Greg emphasizes the need for law firms to mature their third-party risk management programs and comply with client requirements. He also discusses the shift from point-in-time risk assessments to continuous monitoring. Greg concludes by emphasizing the real business impacts of insufficient controls and the need for law firms to prioritize information security.

Takeaways

• Law firms are increasingly focusing on third-party risk management, particularly concerning the security of client data.
• The legal industry is still in the process of maturing its vendor risk management programs, with some firms at the beginning stages and others already implementing programs.
• Law firms that do not adequately manage vendor risk may be exposed to risks such as class action lawsuits and the exposure of client and personal data.
• Certifications alone are no longer sufficient, and law firms need to go beyond certifications and implement continuous monitoring and enforce policies.