How one law firm made security a business development opportunity

Mark Walmsley, CISO at international law firm Freshfields, says a proactive approach to security helps the business win clients and gets its lawyers to embrace security.

Tiny figures are drawn toward a big, glowing lightbulb with a security shield. [idea/opportunity]
Digital Storm / Peshkov / Getty Images

For all the external threats facing companies today, sometimes the hardest challenge can be changing perceptions internally about cybersecurity and what the security team does. Changing mindsets to see security as an aid to winning new business is one way to help change the view of security in the organization.

Freshfields Bruckhaus Deringer LLP is an international law firm with roots as far back as the mid-1700s. A member of the prestigious “Magic Circle” group of law firms and the oldest international law firm in the world, today it has 27 offices around the world, over 300 partners worldwide and more than 4,000 staff.

CISO Mark Walmsley leads a security team of around 20 that is responsible for physical security, supplier assurance, network design, client audit, incident response, penetration testing, training awareness, and privacy work. “People might say legal is behind other industries [around security], but actually I think we're catching up very quickly,” says Walmsley. “Law firms, like other professional services firms, are fairly cash rich and can make decisions reasonably quickly.”

Talk to the business about the right things

Walmsley worked at the company as a lawyer before moving into the IT department and working his way up to the role of CISO. The fact he has the experience and understanding of the business he is helping secure can be beneficial. “I'm very fortunate in that I have lived on both sides of the fence. Lawyers are detail people. Anything that you say they will drill into, so it's all about planning what you're saying to them, how you're going to say it, what's the key messages and keeping it nice and short.”

To continue reading this article register now

The 10 most powerful cybersecurity companies