Chief Information Officer Kermit Wallace was quoted in an article, "Should Law Firms Worry About The Cybersecurity Personnel Shortage?," published by ALM's LegalTech News. As reported in the article, like many industries, law firms face a cybersecurity services market that has a surplus of demand, but adding more personnel is not always the best response. Wallace noted that law firms face the added challenge of having to service clients across a multitude of industries and verticals. "While we don't have the same regulatory requirements that say a healthcare company does or a financial services company does, we have the expectation from those clients that we can match and model their requirements. So we're competing for the same [cyber] talent in a lot of cases," he said.
The article also reports that while a number of smaller technology companies may have the capabilities to perform certain vulnerability assessments, as Wallace pointed out, there are inherent security risks that clients may not ultimately sanction. "Your clients expect you to do this stuff, and if you're doing it with 'Joe's Pen-Testing Company' that may not be good enough. They are going to want to know that Joe has the appropriate controls in place," Wallace told LegalTech News. In addition, he noted that a law firm's cyber risk profile can ebb or flow with each client that passes through either side of the door. Certain companies may attract threats from a certain kind of cyber infiltrator.