Data and Cybersecurity remains a hot topic across both the legal and tech sectors, becoming more prominent as the regulatory landscape and client/ customer expectations continue to evolve. The purpose of this event was to inform attendees on some of the key updates and developments within data and cybersecurity, discuss some of the challenges surrounding the topic with a particular focus on legal sector, and provide support and advice on how to navigate data and cybersecurity guidelines.
First up, we heard from Julian Wells, Director at Whitecap Consulting introduce the event and the upcoming agenda, thanking the speaker line-up as well as our sponsors and partners for their continued support: Addleshaw Goddard, Bruntwood SciTech, Barclays Eagle Labs, Calls9, Cyber Security Partners (CSP), DAC Beachcroft, Leeds City Council, Leeds City Region Enterprise Partnership, Leeds Law Society, Leeds Trinity University, LawtechUK, Page White Farrer, rradar, SYKE, Toca, The University of Law, Walker Morris.
Chloe Thompson, Consultant at Whitecap Consulting gave a progress update, detailing what LegalTech in Leeds has achieved so far in 2023. This included an update on social media following and brand growth (LinkedIn followers -378, Eventbrite followers – 131, Email subscribers – 536) as well as a run through of upcoming events:
· LegalTech in Leeds Learning Lunch – Wednesday 15th February, 13:00 – 14:00.
· LawTech Innovation Showcase – Tuesday 28th February, 08:15 – 11:00.
· LegalTech in Leeds ‘The Big Hack’ – Friday 10th March, 08:00 – 18:00.
· LegalTech in Leeds Conference 2023 - Wednesday 26th April, 08:30 – 17:00.
Up next, Chris Winn, Ecosystem Manager at Barclays Eagle Labs, talked to the room about the evolution of Eagle Labs, starting from 6 years ago and now having a total of 38 physical sites, raising over £2bn in funding and supporting almost 10,000 businesses to scale and grow. Chris finished by inviting any businesses in the room looking for support to get in touch and share their propositions.
Next, we had Liam Angus, Lawtech Innovation Lead at Barclays Eagle Labs, who spoke to us about the Eagle Labs Lawtech proposition which has the main objective of “breathing life into LegalTech innovation.” Liam highlighted the challenges surrounding innovation and the legal sector but stated “there’s been a lot of interest and activity across LegalTech within the region and Leeds is leading the way as a catalyst for change.”
Liam spoke about the Eagle Labs Lawtech mission which is to grow the already thriving Lawtech ecosystem, to attract the best talent and drive investment and collaboration across the UK legal industry. He also highlighted the partner organisations that have committed their support to Barclays Eagle labs as well as local and national organisations that deliver mentoring and coaching on the programme. Finishing by welcoming anyone who is interested in tapping into the support on offer at Eagle Labs to get in touch.
Kevin Else, Consulting Director at CSP, started by introducing Cyber Security Partners stating that the cyber security consultancy, established in 2016, is based in Leeds but operates across the UK too. CSP successfully helps organisations with a variety of cyber security services including helping businesses achieve accreditations such as; ISO2001, Cyber Essentials and Cyber Essentials+.
Kevin walked us through the NIS-r (Network and Information Systems Regulation 2018), which is a set of cyber security and resilience principles for securing essential services, discussing the impact on the legal sector with a particular focus on firms that utilise MSP services and the associated cybersecurity risks.
Kevin gave a detailed run through of other regulatory standards that are set to change including:
· Cyber Essentials – Update Due April 24th.
· ISO27001/2 - Updated 2022.
· PCI V4.0 – March 2022.
· DORA – Implementation over the next 2 years (Finance).
· CSA STAR Cloud Controls Matrix V4 – (CCM V3.0.1 withdrawn 21st Jan 2023).
Kevin finished his talk by stating, “regulatory standards will continue to evolve as will technology but if you make a continuous effort to manage your security and cyber risks then you will always be ahead of the market.”
Next up, we had Steve Davies, Head of Cyber Security at DLA Piper, who discussed security standards and the unrealistic expectation that they can mitigate all cyber risk and make an organisation 100% secure, stating “no one security standard can make your organisation totally secure.”
Steve highlighted that security standards are however useful tools for demonstrating commitment and progress to cyber security; surfacing potential risks and agreeing priorities; identifying gaps in controls and most importantly, managing risks.
After a detailed run through of Cyber Essentials, including how it differs from IEC/ISO 27001:2018 and NIST Cyber Security Framework, Steve outlined the feedback from DLA Piper’s most recent certification, stating in order to prepare for the certification audit and drive out non-conformities, DLA Piper engaged the assessors beforehand to provide a number of pre-assessments over the course of the year.
Steve finished with some closing thoughts including the fact that Cyber Essentials is a developing security standard which poses specific challenges for large organisations that have a global workforce as currently, it does not consider the cost and complexity of achieving compliance at scale.
Dr. Andrew Sharp, Principal Consultant at The Oakland Group was our next speaker, who started off with a brief background on the company stating that “The Oakland Group is a full-service data consultancy operating at the intersection of process, analytics and governance.”
Andrew talked to us about the importance of a data strategy, highlighting the fact that all businesses collect large amounts of raw data and that you should have a clear and well-thought-out view of how you are using your data.
A data strategy should define the technology, processes, people, and rules required to manage your organisation's information/ data assets so that you can make informed decisions and get the best use from your data. Andrew finished with, “by creating a data strategy, you are more likely to stay relevant, competitive, and innovative amidst constant change.”
Aisha Akhtar, Commercial and Data Protection Solicitor at Blacks Solicitors was our next speaker. Aisha started with a brief background on herself as a solicitor in commercial law with a specialism in data protection, outlining the typical services that she assists with including data protection health checks, drafting policies and procedures, reviewing contracts and delivering training.
Aisha gave an introduction to the ‘Accountability Principle’, which requires organisations to be able to demonstrate compliance with the UK GDPR. Aisha highlights that measures taken can vary depending on the size of an organisation and the types/ volumes of personal data that an organisation processes.
Aisha finished by saying, “it’s important to have policies in place but it’s really important to embed them in your organisation. It’s about creating a culture where employees feel comfortable to talk about cyber risk and speak-up if they think that there has been a possible breach.”
To conclude the event, we had a panel discussion with Andrew Dyson, Managing Partner at DLA Piper, Clare Thornton, Managing Director at Thornton Jones Solicitors, Phil Parkinson, Partner at Blacks Solicitors, David Bishop, Data Privacy Consultant at CSP and Andy Crossley, Director at The Oakland Group.
Andrew kicked off the discussion by stating, “at DLA Piper, data is at the heart of how we operate and if we’re going to live and breathe our values and be secure against cyber risks, we have to have guiding principles around how we look after our own data.”
Andrew went on to say that it isn’t just a challenge for the IT function, it has to be embedded within the organisational culture and everyone needs to be trained on the importance of data and cyber security. He finished by saying, “at DLA, we’re starting to think differently about cyber risk. We’re not just reacting retrospectively to an incident or a change in regulation, we want to be more proactive to deliver better value for our clients.”
Clare was next to join the discussion, giving a brief overview of the size of the organisation stating that there are 51 FTEs with an outsourced IT function. Clare highlighted that a lot of their client base does not use technology and still values face-to-face and telephone interactions. However, Clare also admitted that despite this, IT and technology remains a priority for Thornton Jones and as they grow, they will continue to invest in improving their tech capability.
Phil shared his perspective from a medium sized law firm with c.200 employees stating that the IT function at Blacks has grown significantly over the last 4 years, with 9 people now within the team. He stated that going forward, looking at client expectations and the project pipeline, growing the IT team further will be a key priority for the firm. Phil finished by stating that another key focus for Blacks will be training people internally on how to recognise cyber risks and phishing scams.
David joined the discussion from the view of a cybersecurity consultant, highlighting the importance of the ethical aspects around data and making sure that when a breach occurs, all the necessary infrastructure is already in place, including confidentiality and integrity.
David also stated, “you need to know your data in order to protect it. There are lots of clever tools out there, but to meaningfully apply them you need to classify your data so you can determine what protection is most relevant/ appropriate.”
Andy added, “all sectors are looking to be compliant and mitigate risks, but the legal sector could benefit from looking at use cases from other industries, taking learnings from firms and applying best practice to themselves.”
Andrew from DLA Piper then joined in by using Healthcare as an example of a sector that is making real progress in the value that it gets from the huge amounts of data that is collected and stored on systems. Andrew stated that the legal sector faces challenges around the quality and organisation of its data and that learnings can be taken from healthcare such as the labelling of data to determine its usefulness. Andrew finished with, “we need to start looking at data from not just a protection standpoint, but also as an opportunity for innovation.”
Clare also shared her thoughts on the topic by stating, “one of the biggest challenges we face is getting people within the firm to use systems properly and input all the correct data because if people aren’t using it properly, then it’s useless.”
Phil finished the panel discussion by agreeing with this, “you need to get buy-in from everyone in the organisation from top to bottom.”
Julian concluded the event by thanking all the fantastic speakers and encouraged attendees to sign-up for our upcoming LegalTech in Leeds events:
· LegalTech in Leeds Learning Lunch, in partnership with ULaw – 15th February, 13:00- 14:00.
· LawTech Showcase, in partnership with Walker Morris – 28th February, 08:15 – 11:00.
· LegalTech in Leeds ‘The Big Hack’ – 10th March, 08:00 – 18:00.
· LegalTech in Leeds Conference 2023 – 26th April, 09:00 – 17:00.
What a great day to share this article...