What do I mean by a “full-bore CISO?” For the larger firms, I mean a heavily credentialed and experienced data security expert, the type who comes with a 6- or 7-figure price tag, and whose background is from the likes of the NSA or companies in comparably sophisticated leagues. (I didn’t say this would be cheap, but neither is dissolution as a going concern.)

And another thing: Whatever your CISO recommends needs to have the same force as if it came from the Managing Partner and Executive Committee. No worming around it or taking an appeal.

I have another theory—the even less flattering one—about why Law Land is vulnerable: Partners who think they know better and are too smart or can’t be bothered. I can, without meeting any of the offenders lurking within your firm, assure you with a high degree of confidence of their response were you to challenge them on their security hygiene: They would lecture you with certitude and an air of finality that they know better and that nothing could possibly go wrong.

Secretaries, paralegals, and most of your partners and associates wouldn’t do that. Only the Super Egos will. But as usual, that’s who you need to watch out for.

I have zero knowledge of what might or might not have happened at Cravath and Wachtell, and the point of this article is that we all need to belatedly start to take this stuff with dead seriousness, but I can’t help but point out that my ego-driven exceptionalism theory is fully consistent with the most elite firms being vulnerable—they house the most super-sized egos.

It’s been said that the biggest “or” in the English language is the one in this phrase: “knew or should have known…”

By that standard, you have no further excuses.

Regular readers know that I’m fond of data, so here’s some.

Courtesy of the ingenious “Information is Beautiful” site, here is a diagram of:

  • Every known data breach since 2004
  • Involving at least 30,000 records
  • In the financial services, healthcare, legal, and tech sectors
  • Resulting from hacking or an inside job/leak.

The size of the bubbles corresponds to the number of records stolen and, for present purposes, you can ignore the blue and orange colors. (Orange represents what the “Information is Beautiful” folks think is a particularly interesting story.)

Don’t say you couldn’t see it coming.

Biggest Data Breaches

Biggest Data Breaches

Related Articles

Email Delivery

Get Our Latest Articles Delivered to your inbox +

Sign-up for email

Be the first to learn of Adam Smith, Esq. invitation-only events, surveys, and reports.

Get Our Latest Articles Delivered to Your Inbox

Like having coffee with Adam Smith, Esq. in the morning (coffee not included).

Oops, we need this information
Oops, we need this information
Oops, we need this information

Thanks and a hearty virtual handshake from the team at Adam Smith, Esq.; we’re glad you opted to hear from us.

What you can expect from us:

  • an email whenever we publish a new article;
  • respect and affection for our loyal readers. This means we’ll exercise the strictest discretion with your contact info; we will never release it outside our firm under any circumstances, not for love and not for money. And we ourselves will email you about a new article and only about a new article.

Welcome onboard! If you like what you read, tell your friends, and if you don’t, tell us.

PS: You know where to find us so we invite you to make this a two-way conversation; if you have an idea or suggestion for something you’d like us to discuss, drop it in our inbox. No promises that we’ll write about it, but we will faithfully promise to read your thoughts carefully.