Lewis Roca Rothgerber Christie is teaming up with a Colorado Springs-based cybersecurity consultant in a strategic alliance that should bolster both organizations’ capabilities for serving their clients.
The alliance between Lewis Roca and eosedge Legal is an indication of how they are both responding to changes in the ways companies think about cybersecurity.
The alliance was announced Sept. 12, but its roots go back about two years ago when the firm started a program asking its lawyers to look at their practice areas and find opportunities to innovate. Firm managing partner Ken Van Winkle said Hillary Wells, head of the firm’s cybersecurity practice, began looking at data security and breaches and came up with the idea of partnering with eosedge Legal’s Doug DePeppe, a cyber law attorney and former advisor to the White House 60-day Cyberspace Policy Review and the then-National Cybersecurity Division within the Department of Homeland Security. Van Winkle said the idea was to couple the business side of cybersecurity and data protection with the legal side.
“Data protection rules and regulations are changing, and clients need to keep up,” Wells said. “In the past, data protection regulations focused primarily on financial institutions and the medical industry. Now, businesses in all industries, regardless of size, are facing legal requirements and potential liability for failing to employ appropriate data protection practices.” For instance, Colorado recently enacted new cybersecurity regulations that apply to businesses in all industries and its requirements for incident response are considered the strictest in the country.
For Lewis Roca, the alliance marks a change in approach to how the firm serves its clients. Van Winkle said it’s part of a strategy to serve as advisors to clients and work with them in a proactive capacity to get ahead of problems before they arise. “It’s a change in direction,” he said. “What we do is take the time to listen to our clients and evaluate what their needs are and respond to the market’s needs versus putting out a legal service and waiting for the need.”
Typically, the legal market addresses cybersecurity and data breaches by responding after breaches occur. “As a result, they’re not prepared to address the long-term fallout,” Van Winkle said. By partnering with eosedge, the firm will be better able to assess risks and develop a plan for what to do when a breach occurs with both the legal and business aspects in mind.
And by partnering with Lewis Roca, eosedge will gain a larger platform as well as increasing its own ability to keep clients’ information secure, DePeppe said. “The perfect cyberfirm is a cyber law firm,” he said. By having the attorney-client privilege and privacy of a law firm, a cyberfirm can close gaps in security without creating new problems. After a breach, forensic firms step in to do incident response and go through a company’s protocol, but once a third-party is involved, they are creating evidence. “If they reveal a data breach, that data is being generated without counsel involved, and the horse is already out of the barn.”
DePeppe said that Lewis Roca’s connections to government will also be helpful, since cyberattacks more frequently have ties to nation-state actors at some level.
“These are networks that are attacking,” DePeppe said. “Having ties to layers of government relations is important in the cyber sphere, and we definitely have that.”
“Government itself, in cyber issues,” he continued, “is moving toward public-private partnerships in trying to sideways collaborate with industry at multiple levels. The approach we’re taking in our alliance is to connect with both government partners and organizations that are engaged in public-private partnerships.”
Van Winkle said the firm hopes to expand its cybersecurity practice and address a broader section of the market. And the strategy applied to the cybersecurity and data privacy practice is a model the firm plans to replicate with other practice areas as well. He said the firm has implemented a new service model in which it gets to know a client’s market and then after about six months of study, will come back with new service models for that particular area. “Many firms have great lawyers, excellent legal knowledge and experience,” he said, “but are they providing service in response to market needs in way clients expect?”
— Tony Flesor