This morning I am in Austin, TX, about to speak to a room full of business lawyers about the importance of understanding and managing third-party cyber risk and the role that contracts have in this process. I recognize that they are not aspiring to be cyber or privacy lawyers and have plenty to keep up with in the subject matter in which they practice, so I teach these classes from a higher-level awareness and issue-spotting perspective, and, more importantly, the “why” for why this issue is important. To do this, I look for simple, everyday examples to which they can better relate.
In terms of third-party risk (supply chain risk management / SCRM) to your own network, I still find the lesson of Fazio Mechanical / Target to work well.
In terms of the risk to your data — or your clients’ data — I think I have a new winner: the ransomware attack on Epiq Global that impacted the data of the clients (and adverse parties) of the attorneys who used that platform for ediscovery and other services. You can read more about this case here: