Ian Raine at iManage raises some good points here. I have been working with the UK legal sector for a number of years and firms are often subject to audit pressures from their clients.

We regularly see large corporates scrutinise their supply chain and, given the nature of the relationship and information sharing between a corporate and legal adviser, it comes as no surprise legal services providers are high on the list for scrutiny! I have been lucky enough to work with some outstanding firms that take this matter seriously, but does audit pressure drive good behaviour and standards, or is it another 'guideline' to be ticked off? 

In many scenarios, I believe it opens the board’s eyes to expected standards in the industry and serves as an opportunity to resource the necessary teams and processes to achieve greater levels of security maturity. 

This shouldn’t be a reactive exercise and certainly not an activity driven by someone else’s standards. LogRhythm is helping a number of legal organisations develop security maturity and strategy plans which suit their business and pace of work. The objective of the plan allows firms to proudly display their security efforts as a showcase to potential clientele.