Fri, Sep 11, 2020

Kroll CyberClarity360 and Buying Legal Webinar Series Wrap-up

Last month, Kroll CyberClarity360 partnered with the Buying Legal Council to lead a series of informative webinars on legal vendor cyber risk. Buying Legal Council is an international trade organization for legal procurement whose members range from Fortune 500 companies to government agencies to academia worldwide. With an emphasis on procuring legal services, their members are critical in helping organizations identify, avoid, mitigate and ultimately transfer cyber risk in the procurement process. We approached this webinar series through the lens of risk management and developed four specific but related webinars.

Privileged Data & Cyber Security

The first was led by Imran Jaswal and Ryan Spelman of CyberClarity360. It focused on the concept of risk identification, aimed at helping the members of Buying Legal Council understand and identify risks in their vendor ecosystem. While cyber risks are myriad, there are specific challenges to legal vendors that require special attention. The sensitivity and volume of data that may be shared with one or more outside counsel make a data breach by a legal vendor a particularly high-risk event. Further, the nature of legal vendor relationships, with their potential for rapid scope change and confidential procurement, makes managing this data sharing a particularly challenging activity.

Cyber Security Benchmarking

In the second, led by Shay Colson and Ryan Spelman of CyberClarity360, Kroll analyzed and studied vulnerabilities the same way hackers do and emphasized the data points that should be considered when deciding to engage or avoid specific legal vendors. Shay Colson talked about the critical vulnerabilities of accounts that get compromised due to exposed records. These records may be employee account credentials used on other systems such as payroll providers or travel booking sites. If the employees used the same username and password they use on their organization's systems, then it could lead to a data breach. Both Shay and Ryan emphasized that understanding the cyber risk exposure, combined with an understanding of the data that will be shared with the vendor, is critical in deciding how to engage with the legal vendor.

Legal Vendor Cyber Risk Program

The third was a fireside chat with a significant financial institution's legal vendor cyber risk management team, moderated by Shay Colson. This organization has built a robust legal vendor cyber risk management program that identifies and avoids potential risks and can engage and mitigate the threat. The mitigation comes from careful analysis of risks, leveraging a technology platform, and excellent communication between the financial institution and the firms.


Data Governance and Contract Management

Staff from Kroll’s Legal Management Consulting practice, Tyler Marion and Derek Mihm, joined us for the fourth and final webinar, where they educated the audience on contracts. Contracts represent one method of risk transfer, which often represents the last option for dealing with risk if you cannot avoid it or mitigate it. Tyler and Derek focused particularly on managing clauses and terms across thousands of contracts and how leveraging technology can bring greater clarity to your understanding of what options are available to you in transferring the risks your legal vendors may create.

The Buying Legal Council series on cyber security was an excellent opportunity for attendees to both learn more about cyber risks in general and hear from experts on tactics to deal with these risks in specific. The members of the Buying Legal Council can access and watch all the videos within their member portal. The public can also view many of them, and we encourage anyone interested in understanding how to manage their legal vendor cyber risk to watch them at their convenience. If you wish to learn more about how CyberClarity360 can help you manage the risks in your legal vendor ecosystem, please contact us at [email protected] or visit our page at
