Thinking data

DRE joins with Savient to develop Savitrace

Wed, 24 Jan 2024 09:19:00 GMT

With deep domain experience in understanding how software is created and built, including the use of AI, Digital Risk Experts is honoured to have helped create a new software tool, Savitrace, a tool that helps financial investigators navigate financial data in fraud investigations.

It is already gaining a firm foothold within government agencies and financial investigation firms and DRE are pleased to support Savient to gain increased traction and visibility of such a great tool that is purposefully built to comply with the EDRM model to maintain bench-marked best practice.

Savient sat down with Lisa Burton, CEO of Digital Risk Experts, to find out more about the collaboration that has helped shape Savitrace

Read interview

Find out more about Savitrace »

Are Your Employees Inadvertently Adding Holes In Your Security?

Mon, 15 Jan 2024 09:35:00 GMT

The two best assets of any business, people and data are where most risk lurks. 80% of corporate data is unstructured, created by people, in many formats, sent internally and externally to third parties, clients, partners, suppliers, consumers, and copied, forwarded, deleted, retained, classified and tracked - often illegally.

It is not surprising that IT Security and Legal, although worlds apart historically, are having to become close. We offer some pointers on how to mitigate people and data security risks.

Bridging the Gap: Are Your Employees Inadvertently Adding Holes in Your Security?
In the dynamic intersection of legal compliance and IT security, the role of employees becomes paramount. As organisations navigate the complex landscape of safeguarding data, it's essential to assess whether inadvertent actions are unintentionally poking holes in Corporate security measures.

Striking the Balance: Legal Compliance meets IT Security
Ensuring compliance with regulations is non-negotiable, but it's equally crucial to align legal mandates with robust IT security practices. Employee actions, often well-intentioned but uninformed, can create vulnerabilities. Bridging the gap between compliance requirements and the practicalities of safeguarding digital assets is precisely what DRE's expertise and solutions are about.

As organisations navigate the complex landscape of safeguarding data, it's essential to assess whether inadvertent actions are unintentionally poking holes in corporate security measures

The Unseen Risks: A Call to Action
From sharing sensitive information without encryption to overlooking security protocols, employees can unintentionally compromise the very standards organisations strive to uphold. At DRE, we are pleased to help our Corporate clients shine a light on these potential gaps and take proactive measures.

Holistic Training: Empowering Employees for Dual Success
A workforce educated on the legal implications of data handling is better equipped to contribute to a robust security posture. In a digital world, knowledgeable human interaction with a good sprinkling of emotional intelligence can be the difference between a major data breach and alerting a problem that can be dealt with swiftly.

Strategic Collaboration: IT and Legal Working Hand in Hand
Forge a seamless collaboration between your IT Security and Legal teams. Establishing clear communication channels ensures that legal mandates are translated into practical security and IT protocols. DRE is happy to report a proven track record of helping our clients shortcut boring training to create a working solution that hits the truth of a problem fast so that the best brains in the business can resolve issues effectively, whilst enjoying collaborative creative licence to support Business strategy, informing Boards as they go.

A United Front: Navigating the Future of Security and Compliance
In a landscape where data breaches can have far-reaching consequences, a united front of Legal and IT professionals is essential. Legal, Compliance and IT, working together as interwoven elements of a comprehensive strategy is a winner.

Regenerate

Thu, 31 Aug 2023 14:53:00 GMT

At DRE, we're fully aware of the urgency of environmental issues. Trees play a crucial role in lessening their impact, and we're committed to this cause. Our core values emphasise taking care of our planet, aligning perfectly with our partnership with GreenTheUK

We believe actions prove commitment better than words, and we're proud to demonstrate our dedication through actions. Despite challenges ahead, we're motivated by knowing each planted tree brings us closer to a sustainable world for future generations. Though our expertise lies in Legal Technology, Cyber Security, and Data Privacy, supporting the environment is also aligned with our goal. It's about safeguarding privacy rights and helping businesses ensure they meet their legal obligations regarding their data. This alignment shows our commitment to a world where people and data coexist seamlessly.

Thank you to those of you backing this journey. Your support keeps us motivated. Feel free to share thoughts, questions, or suggestions.

DRE and GreenTheUK

How to protect your business when cyber insurance premiums sky rocket

Fri, 02 Jun 2023 15:29:00 GMT

An organisation’s capacity to manage and contain cyber risk has become a commercial imperative. Whether it’s a major outage or a data breach, the potential financial and reputational losses from a cyber event can be devastating.

Dedicated cyber insurance can form a key part of an organisation’s response to managing cyber risk, but evaluating, mitigating and transferring cyber risk is not a tick box exercise.

The Sunday Times recently reported a 64% increase in Cyber insurance premiums which will no doubt raise eyebrows for those Executives who think the cost hike is high. Those who have been subject to a cyber-attack may be less surprised. Indeed, for those having to claim on cyber insurance, the impact of rising premiums and future cover is a significant cost and results in difficult decisions for the business forcing spending to be scaled back in other areas.

The Government’s The State of Security 2023 report says that “despite new strategies and better crossorganisation partnerships, security teams face significant challenges. The bad guys aren’t slowing down, either. Globally, our research found more incidents, longer dwell times and business-impacting damage.”

The Sunday Times recently reported a 64% increase in Cyber insurance premiums which will no doubt raise eyebrows

It is common knowledge that cyber-attacks are here to stay and have always been on the increase. Digital Risk Experts recently worked with a renowned and very well-known corporate name who came under attack from one simple phishing email. The employee thought the email had come from IT asking them to change their login details and boom, the attackers were in and managed to stay scrutinising the business for 6 months, from many different global locations to monitor the financial transactions and ultimately, facilitate a theft.

The fall out was colossal. The fraud that enabled the attackers to steal a large amount of money was really the tip of the iceberg. The cost of responding to the fraud was significant, as was the time spent by Senior Executives reassuring their Board, their employees and customers. The Board instructed a cultural change, to be reflected in people and process through the improvement of IT Security, Data Protection and closing working siloes between inter-disciplinary teams such as legal and IT. Their third-party IT provider had a role to play too - was the business getting all they were paying for from their third-party cloud provider, in particular, as it related to system security? Legal also needed to consider whether to notify the ICO and determine whether it was a formal data breach or a cyber-attack. Their insurance company were instrumental in helping them recover some of their losses.

Digital Risk Experts worked with a renowned corporate name who came under attack from one simple phishing email...The cost of responding to the fraud was significant, as was the time spent reassuring their Board, employees and customers

When cyber insurance became available, as a relatively new insurance product, underwriters had little data on which to base their assessment of risk. As the market has developed and more and more accurate and historical data has become available, underwriters have become better informed about the very real threat of attack and have responded by increasing insurance premiums. Marsh recently reported that premiums increased by up to 66% in the third quarter of 2022 compared to the previous year.

Now that underwriters have more data about the frequency and nature of attacks, they are asking more searching questions of a business to ensure appropriate cover. Businesses should be proactive and ensure they have robust procedures and protections in place to reduce the risk of any attack. As working from home proliferated as a result of Covid-19, a further possible line of attack became apparent and businesses must respond by taking steps to protect the business such as strict password policies and two-factor authentication; reducing the amount of data being accessed, stored and transferred by employees and encrypting sensitive data and personally identifiable information.

Underwriters have become better informed about the very real threat of attack and have responded by increasing insurance premiums

Other ways to demonstrate a robust defence to an Insurer could be to perform regular security maturity assessments to identify potential weaknesses and be able to demonstrate a strong incident response plan in the event of an attack. It is anticipated that those businesses that can demonstrate good cyber attack controls may benefit from price stability or reductions moving forward as competition in the insurance market increases as more insurers move to cyber cover.

No business wants to be in a position where their budget demands a decision being taken between improving cyber security and minimising the risk of attack, versus spending on comprehensive cyber insurance that will cover the business in the inevitable event of an attack. Prevention is always preferable to avoid loss of reputation and maintain business continuity. It is also vital for a business to be able to demonstrate to Regulators that steps are being taken to minimise risk and comply with legal requirements.

Digital Risk Experts can help your business by conducting a comprehensive Efficiency, Compliance and Security Assessment to identify potential weaknesses

The State of Security Report 2023 says that Data is the answer: 91% of respondents agree that better capture and analysis of detection data is one of the most effective tools to prevent successful ransomware attacks. The question is how do organisations do that?

Digital Risk Experts can help your business by conducting a comprehensive Efficiency, Compliance and Security (ECS) Assessment to identify potential weaknesses and recommend appropriate remedial action. This will allow any business to demonstrate to Insurers that steps are being taken to minimise risk and result in reduced insurance premiums.

Data and digital risk prevention: a business risk and a business opportunity

Thu, 13 Apr 2023 10:45:00 GMT

We all know, data breaches and digital controversies can be brand affecting and detrimental to company valuation. Yet somehow, it’s common to behave as though immune to this, protected by invisibility, and likely to rebound unaffected.

Conversely company valuation increases by demonstrating leadership among peers, differentiating over competitors, and proving the ability to stabilise and strengthen business ecosystem resilience.

Poorly managed data creates diverse risks with significant negative effect on an organisation if unchecked. Impact associated with breaches can be severe as a result of fines and penalties, recovery, financial and reputational costs, and other compliance challenges. Organisations need to be vigilant to ensure the safety of their data and thereby also continued success of their business.

Various means to do this exist, including ensuring contract terms incorporate data protection laws, using encryption services and malware scanners, auditing data security procedures on a regular basis, data protection training and adequate access management protocols. Indeed, 80% of data breaches are caused by internal actions of employees, which demands inside-out risk mitigation.

To stay ahead of the curve, identifying emerging threats and solutions, you need to understand which state-of-the-art of data security and privacy technologies can help. Above all, taking appropriate pre-emptive steps to protect data minimises risks and creates a safer, more secure environment for all stakeholders involved.

80% of data breaches are caused by internal actions of employees, which demands inside-out risk mitigation.

Frequently data risks associated with a global contract population include non- or poor-performance, financial loss from expired auto-renewed contracts, data breaches cyber threats, litigation, class actions and lack of privacy compliance. Risks are compounded with varying data linked to contracts (SOWs, addendums, superseded versions of originating contracts), and varied or weak processes including disparate or insecure user accessibility. This increases complexity and data risk by as much as 100%.

Examples of where inadequate safeguarding causes data privacy breaches include:

Data leaks due to immaturity of storage security and protection measures – contracts with third party software and IT providers must be negotiated jointly with a multi-disciplinary team of experts (comprising IT, Legal, Information Security, Tech Innovation, Compliance, and Business users)
Data retention practices and policies being inaccurate or incomplete – this results in hoarding data, erring on the side of caution, and the problem of data protection compliance grows (principles of minimisation, for example)
With retention comes defensible deletion – poorly managed data deletion requests or failing to comply with protection regulations can incur severe regulatory penalties that far outweigh the cost of mitigating effectively
Data deletion requests can have a major impact – they can blow budgets due to handling and processing inefficiencies (missed deadlines, costly delays due to manual legal review processes)
Poor understanding of data locations and ownership in the IT infrastructure – this can cause exposure to potential data breaches
Sustained adequate training for GC, DPO, and Info Sec teams is vital – this avoids the risk of enforcement actions and increased scrutiny from the ICO (and those Regulators that the ICO formally confer with, such as the FCA) due to non-compliance
Any large number of disparate, siloed systems and data sources – these increase the complexity of structured and unstructured data, and the risks spiral.

Siloed working is perhaps the greatest risk of all in relation to data risk management. This is common for those working within large corporates. Digital Risk Experts counteracted this by forming the concept of a Digital Risk Committee (DRC) which delivers real benefit inside client organisations.

Siloed working is perhaps the greatest risk ... Digital Risk Experts counteracted this by forming the concept of a Digital Risk Committee

DRCs bring together an internal multi-disciplinary team (efficiently bridging legal, IT, compliance, finance, HR, marketing) to enable business to alleviate siloed working, overcome poorly instructed and expensive third-party services, better manage past and current risks as well as envisage the future of the business using multiple sources of insight.

IFA Business Owner? How to ward off FCA and ICO attention

Tue, 13 Dec 2022 10:11:48 GMT

We all know trust drives growth, especially in matters financial. But it’s more than being relied upon to give great advice. Trust in your technology is part of the trust people have in you and your brand. Sadly, embarrassing losses of extremely sensitive and valuable data occurs with unnerving frequency in Financial Services.

To combat this many large corporations are introducing the role of Chief Trust Officer (CTO) as customers emphasis the need to know their data is safe. We looked at how you can be your own CTO and enable your clients to continue to have their trust in everything you do. This also makes it easier to recommend you to others when they are choosing an Independent Financial Advisor (“IFA”).

In a recent study, the average total cost of a data breach increased and is nearly £4 million, the highest ever recorded. Moreover, costs were even higher when remote working was presumed to be a factor in causing the breach. The financial impact of a data breach can be devastating to a business. The continuous increase in digital communications is providing plenty of opportunities for breaches to occur. In addition, the change to working practices contributes to organisations experiencing a data breach due to a remote employee and incidents are taking on average 29 days longer to identify and contain.

Through our proven, Efficiency, Compliance and Security (ECS) Assessment, LDW help IFAs quickly find a significant number of issues that explain often deeply woven and multi-layered problems.

The UK’s financial markets are stringently regulated by the Financial Conduct Authority (“FCA”) and The Information Commissioner’s Office (“ICO”) who work closely together, one reporting to the other any mismanagement of funds (proven via financial data flows) and evidence of poor security around data, IT, technical and ways of working. Failure to demonstrate activity in your control framework (even where the underlying policies are well-written documents), will mean the Regulators home in on a business – more demand is put on an already stretched Executive team.

Recently, LDW engaged with an IFA Group whose top executives are almost entirely focused on growth by acquisition, strategic planning and the bigger picture. They love the buzz of a constant stream of new acquisitions and investments. They do not get involved in the post deal integration, or the day-to-day steep compliance demands their business continually faces. Living on the highs of ‘new deals buzz’ the stark reality of the Company’s (and directors’) legal duties relating to financial and data protection compliance became underestimated.

The Problem
Highly acquisitive, fast paced, forward looking IFAs find their internal teams taking the strain on managing the ‘operational flow’ and juggling the multi-layered things that need time to think through that go right to the heart of IT, security, data protection and people, including culture. It is without doubt through the collapse of Asset Wealth Portfolio businesses reported in the press, that many of these complex problems leave people exposed to cyber threat (as easy as a single click on a phishing email), embarrassing data breaches, and reputational damage.

This is not ‘scare mongering’ – this is a real threat. 95% of e-mail breaches are caused by human error. Although cybersecurity solutions often focus on email threats such as phishing and malware, it is important to recognise that the majority of data breaches stem from people, with half of individuals at work admitting to unintentionally wrongly sending an email containing sensitive information. Reputation is an IFA’s greatest asset – the foundation for acquiring and retaining clients. However, it has been revealed that businesses who do not take the right steps to protect their clients’ data are suffering the consequences; losing customers due to security issues.

When these threats become reality, then the group, and its top executives will be embroiled in having to deal with the ICO and FCA to explain themselves. Calling investors and portfolio businesses to announce they have been victims of a cyber-attack, or a serious data breach is a very unpleasant task for an IFA business leader - causing intense stress and worry for them, their team, their families as well as their clients.

When IFAs continue to build and execute on their acquisition targets without addressing these risks, they only become deeper and more expansive.

How can IFAs Shore up their Security Posture Fast?
Through our proven, Efficiency, Compliance and Security (ECS) Assessment, LDW help IFAs quickly find a significant number of issues that explain often deeply woven and multi-layered problems. These are presented in a way that is easy to understand showing their impact (critical, high, medium, low) based on a logical division of business departments and functions. The ECS Assessment findings provide the insight to inform pragmatic security and data protection compliance recommendations, and both are presented in a ‘plain English’, succinct report for the Executive and Board to grasp the risks and work out the path to green and stabilise their business.

A detailed roadmap including a plan of urgent remedial actions to address key priorities quickly move the IFA into a safe and secure operational ‘status quo’ and can normally be executed within 1 -3 months. The remedial works form the foundations of a longer term, 360-degree holistic data protection and cyber security framework. One IFA we worked with used this to help them successfully establish how they would grow to achieve their target of portfolio wealth management to £25bn within their target timeframe.

LDW’s Digital Risk Committee – Highly Effective, No Cost
A highly effective tool that LDW has implemented with many clients is the implementation of our Digital Risk Committee solution, alleviating siloed working and poorly instructed and therefore expensive third-party services. Because it brings together an internal multi-disciplinary team of legal, IT, compliance, finance, HR and marketing, the elected Chair, (usually Legal since all problems normally land back at Legal’s desk!) can hear the past and envisage the future of the business using multiple pieces of insight. A Digital Risk Committee proactively manages broad, complex topics like security and privacy, that every part of the business is immersed in and find hard to control even with strategic plans in place.

A monthly meeting and a tracked agenda to manage initiatives and risks can really help unlock unseen business potential through this collective ‘eye’ into the business.

It is all about the customer and our day to day activities should be designed to enable their needs to be met. Doing that and protecting yourself can make for challenging decisions. We believe ECS helps make sure that there is never a choice between what’s best for the company and what’s best for the customer.

Feel free to contact Lisa or Andy (details below) to discuss how an ECS Assessment might help IFA leaders sleep soundly at night!

CEO Lisa Burton. Mobile: 07557 094635. E-mail: lisa@legaldw.com

Andrew Mills. Mobile: 07947 804792. E-mail: andy@legaldw.com

Dora the data explorer

Wed, 29 Jun 2022 12:33:00 GMT

The Digital Operational Resilience Act (DORA) is an EU Regulation aimed at the financial sector. It contains extensive requirements that businesses need to be aware of and preparing for.

Although it will not apply directly to the UK, legislation is expected shortly to mirror the provisions. In any event, you need to be aware of the requirements if your business operates in any of the following sectors:

Banks and financial institutions (PE houses, debt funds, alternative finance providers)
Stockbrokers
Independent financial advisers
Insurance providers
Information and communication technology – such as cloud based service or IT providers

DORA is expected to come into force in the EU in August 2022, and its aim is to harmonise security standards across EU member states to "ensure the operational resilience of the financial sector". It will also apply to UK businesses that have an EU subsidiary, or who provide services to the EU.

Anyone that fails to comply with the provisions will be liable for a significant fine of up to 1% of the annual worldwide turnover of the company per day, until compliance is achieved, for up to 6 months. By way of example, HSBC announced revenue of $49.6billion in 2021. Were they to fall foul of the new legislation, the fine would be in excess of $135million per day for up to 6 months, a maximum fine of $24.8billion. This demonstrates how seriously the DORA requirements must be taken to ensure that compliance is achieved well in advance of the implementation date.

Anyone that fails to comply with the provisions will be liable for a significant fine of up to 1% of the annual worldwide turnover of the company per day, until compliance is achieved.

The most significant provisions of DORA, which are expected to be mirrored across other jurisdictions are:

Regular and detailed risk management of ICT systems -to ensure continuing compliance with requirements.
Digital operational resilience testing - to regularly test systems to identify potential weaknesses, deficiencies and gaps. The scope of the testing will vary according to the size and resources of a company or institution.
ICT-related incident reporting - which will require an incident to be logged, classified in terms of severity and "major" incidents reported to the relevant authorities
Establishing strong business recovery policies - to include disaster and recovery plans.
Sharing information and intelligence - in relation to cyber threats and vulnerabilities identified.
Specific contractual requirements - in contracts between ICT third-party service providers and financial entities.

In addition to DORA, there are several other important legislative changes in the pipeline worldwide which aim to build digital resilience and will significantly change the operating requirements in all markets. This legislation includes:

The UK Telecommunications Security Act 2021 which will expand security duties for providers of public electronic networks and services covering identification and reduction of risks, incident response and breach notifications.
EU Proposed NIS2 Directive - another political agreement reached on 13th May 2022 which will expand the sectorial base of regulation (e.g. public administration, medical device, manufacturing, critical product manufacturing) and nature of duties (e.g. management accountability, supply chains) with tougher enforcement measures.
EU Proposed AI Regulation – which will introduce new cyber security rules for AI to reduce risks whilst allowing innovation.
EU Digital Markets Act and Digital Services Acts - both aim to harmonise the law on digital services in the EU.
Strengthening American Cybersecurity Act 2022 - focus on incident and ransomware reporting and a risk-based approach to cybersecurity management.

The legislative landscape is changing rapidly and businesses need to be prepared to avoid the huge potential fines. They should be conducting DORA Readiness Assessments at the earliest opportunity to identify risks and potential vulnerabilities in their systems. All IT policies and protocols must be reviewed and steps taken to prepare for digital resilience testing. Procedures for reporting and classifying incidents will also be necessary and all staff must be trained effectively on the wide range of increasing regulatory requirements.

You'd be nuts to ignore the increasing risk of cyber attacks on your business

Fri, 11 Mar 2022 10:00:00 GMT

The company that owns brands such as KP Nuts and Hula Hoops was recently targeted by a ransomware cyberattack.

The company has reported that this will result in supply chain issues and a shortage of crisps and nuts as the company will be unable to "safely process orders or dispatch goods".

Criminals can launch a cyber-attack using malware to infiltrate an IT system and steal data which they encrypt and demand a significant ransom to release, often millions of pounds/dollars. It was reported that the KP attack targeted highly sensitive information, including credit card statements, employee addresses and telephone numbers.

The UK's National Cyber Security Centre (NCSC) has recommended businesses strengthen their digital security in light of increasing attacks in recent years. They issued a Joint Advisory explaining that "in 2021, cyber security authorities in the United States, Australia, and the United Kingdom observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organisations globally. Ransomware tactics and techniques continued to evolve in 2021, which demonstrates ransomware threat actors’ growing technological sophistication and an increased threat to organisations globally." The NCSC recommends that businesses focus on reducing their vulnerability to attacks in the first place and reducing the impact of any successful attack.

The best way to prevent an attack is for a business to secure their data as strongly as possible by maintaining effective and up-to-date antivirus protection and firewalls; ensuring robust and regular backups so that lost data can be recovered for the business; and to train staff to recognise risks such as clicking on unknown weblinks or opening suspicious emails.

In the event of a cyber-attack, all businesses should have an established cyber security and data protection response to reduce downtime for the business and protect reputation

Most data risk that incurs a data leak or breach lurks in the 90% of communications data such as emails, documents, spreadsheets. Given inefficiencies through human error and employee psychology and less than robust processes, businesses leave themselves exposed to the risk of their cyber insurance policies not covering them - regardless of the strength of any IT security accreditation. Resources spent in prevention would be significantly less than the financial impact of any successful attack.

In the event of a cyber-attack, all businesses should have an established cyber security and data protection response to reduce downtime for the business and protect reputation and share price. Businesses should also consider lessons learned and steps that can be taken to reduce the impact of the attack and prevent future attacks.

The NCSC regularly provides information on cyber threats and advanced malware that is being utilised by criminals. They are currently highlighting the increased security threat from anticipated Russian cyber-attacks which are understood to have been used against Ukraine prior to the military invasion. As a result, they recommend “organisations in the UK to bolster their online defences”. There has never been a more important time for a business to protect their data from attack.

Take Action

Digital Risk Experts can perform an Initial ECS (Efficiency, Compliance and Security) assessment to help you better understand the level of risk your organisation might be exposed to.

Volume of data - a help or a hindrance in the legal world?

Tue, 01 Feb 2022 16:33:00 GMT

Dame Victoria Sharp DBE, President of the Queen's Bench Division, recently gave a speech at the National Criminal Justice Conference commenting on technology and digital data challenges.

Since 80% of data breaches are insider threat (weak and inefficient processes, employee errors or fraudulent activity, as well as supply chain errors) logic dictates that you start negating that threat from inside too. That is Digital Risk Expert’s mission, helping corporate clients and GCs manage the cost-risk of data as well as unlock its value as an asset.

Read Rachel Mill’s summary of the speech below for a quick overview of how Courts are highlighting the risks of digital data that is growing exponentially in complexity and volume. While presenting issues for law enforcement and the Courts in how data is handled and presented, there’s acknowledgment too that it is providing corporate cyber criminals with more opportunity for "crime, deviance and misuse".

Rachel Mills writes:

As the use of technology increases in everyday life, so does the volume of data created. It is estimated that 2.5 quintillion bytes of data were created every day in 2021. 90% of the data in the world was created in the last two years and moving forward, it is expected that the volume of data will double every two years.

There are two challenges with digital data and they are the volume of available data and the need for judges and jurors to understand the digital data presented to them at trial.

In her recent speech, Dame Victoria Sharp DBE, President of the Queen's Bench Division acknowledged the increasing dependence of the world and the criminal justice system on technology and the proliferation of technology and how it has changed "how individuals behave and engage with the world around them".

She commented that there are two challenges with digital data and they are the volume of available data and the need for judges and jurors to understand the digital data presented to them at trial. Very few cases are now presented to a jury without digital evidence whether that is text messages, emails or triangulation data that can place a Defendant within a known area at the time of an offence. This creates new challenges for the Police and legal teams in gathering relevant digital information, storing that information and ensuring the quality and integrity of that evidence. Unless that digital evidence can be shown to be credible, it risks failing the admissibility test and cannot be presented to the Court.

Dame Victoria Sharp also commented that the huge volume of data now presents opportunity for "crime, deviance and misuse" and that this had led to the development of new types of crime and unprecedented challenges for those investigating these new types of crimes.

It is clear that the volume of data is increasing exponentially and it is more important than ever that businesses secure their data, manage it to comply with relevant regulations and prevent criminal misuse.

How artificial and human intelligences are coming together to change the early data assessment game

Thu, 11 Nov 2021 13:04:00 GMT

Early data assessment is changing. Legal consultant Rachel Mills explains why.

The logic of early data assessment has always been undeniable, even more so now given the technological advances we’ve seen in recent years. Solutions like Reveal-Brainspace have added powerful emotional and sentiment analysis capabilities to traditional text search tools, giving us even richer insights in those critical early days. What’s not to like? Well, that would be the habitual fear of incurring early costs obviously, so we often get a ‘no’ to EDA, even though just as often this initial refusal turns into later regret.

What if AI can be leveraged to highlight ‘risky’ data that may be indicative that settlement is prudent or an award of damages is likely? This would have to be tailor-made to particular clients or types of claims to be most effective but is this where data-driven insight helps logic battle habit and triumph in the fight for early data assessment?

Let’s first review the ‘Why didn’t we settle on day one?’ scenario. It should be familiar and goes something like this:

In all forms of dispute resolution, clients often look back with the benefit of hindsight and say, had we settled earlier, we would have saved costs. This is particularly so in class actions or group litigation where multiple claims of a low value can result in a significant payout and excessive costs.
If litigators knew what data relating to a case might be available earlier, it could significantly impact litigation strategy and the ultimate decision of when or if to settle. This would ultimately reduce the costs for both parties.
Clients often say at the beginning of litigation that there is no chance of a settlement because they consider there has been no negligence. At that stage, disclosure has not taken place and the parties are unaware of the information available to support a claim or a defence. They are also concerned about their reputation and spurious claims.
There is a reluctance to be seen to settle claims as a commercial decision in order to reduce the final bill for damages and costs. Consequently, there is a settlement at a later stage when the cost of litigation and the risk of paying claimants’ cost becomes too high. The parties have also entrenched their positions by this stage which makes settlement more difficult and often more expensive. Claims generally settle after disclosure when the parties become aware of the potential data available that will impact the claim.
Class actions often have a huge amount of data that needs to be gathered and interpreted before an accurate cost-benefit analysis can take place. If data analysis can happen at an earlier stage, and more effectively, this can determine whether class actions should be settled or defended at an early stage.
The issue with early data assessment is that clients need to “front-end” the cost of litigation so that they spend money on data analysis early to avoid costs escalating later. Some are reluctant to do this but must understand that it could ultimately save unnecessary costs and assist with future claims analysis.

Solutions like Reveal-Brainspace have added powerful emotional and sentiment analysis capabilities to traditional text search tools, giving us even richer insights in those critical early days

With the skilled use of AI, you can overcome that reluctance by offering much more certainty. Our own legal technologists, for example, have the ability to create AI libraries that can learn patterns in data over and over again; this sort of data sampling and the inferences taken from it make early evaluation of a case a very much more exact science.

When you pair that technology with the right human intelligence – the investigators and case reviewers – you can also be confident of having quality judgements based on quality data sets. That sort of empowerment early on can put you in a very strong position for early settlement negotiations or an advantageous strategy at the Case Management Conference.

Old habits die hard. But AI is breathing life into new ones when it comes to early data assessment.

Cyber insurance and data protection

Tue, 19 Oct 2021 15:59:00 GMT

Cyber insurance and data protection - how do they relate to one another? Here at Digital Risk Experts it’s clear that the two are becoming inextricably linked.

Your cyber insurance – will it pay out on a data breach when you left one of your ‘business gates’ open' for hackers to get in (think TalkTalk in 2015). Does it need to be Armageddon before your policy will pay out? Are you deductibles excruciating? Boards need to understand that data risk equals financial risk. In this podcast CEO Lisa Burton talks to Jon Nottingham of Gen2 Insurance about the cyber insurance market and how the right approach to data protection will afford you the best financial protection.

Digital Risk Experts & Reveal to deliver richer client experience

Thu, 09 Sep 2021 15:01:00 GMT

Digital Risk Experts designates Reveal as its Preferred SaaS-Based AI Platform

September 9, 2021 - Brainspace, the global provider of the leading AI-powered eDiscovery platform, announced today that Legal Data Workspace has engaged the AI technology powerhouse to provide superior, end-to-end solutions driving today’s forward-thinking legal organisations. As the leading data management company, Legal Data Workspace work with the most intelligent, user-friendly AI solutions. Their solid relationship with Reveal Brainspace enables our team to deliver a richer client experience.

“Our platform has completely redefined AI innovation in the practice of law. Fueled by the world’s most powerful AI technology and backed by the largest team of data scientists in the industry, Reveal is uniquely positioned to fulfill Digital Risk Experts’ eDiscovery needs,” said Wendell Jisa, founder & CEO of Reveal. “We’re looking forward to working with theDigital Risk Experts team and helping the entire organization gain a massive competitive advantage in a rapidly evolving space.”

Digital Risk Experts will take full advantage of Reveal’s platform, which includes industry-leading processing, early case assessment, AI, review, production functionality and customizable API-enabled back end, along with superior visual analytics. For the first time, all of these superior AI-powered technologies are now available on one comprehensive hub – creating a customer experience unrivaled in the industry. Digital Risk Experts will be specifically leveraging the platform for instant ability to provide our clients with the best AI toolset to manage ad hoc data assessment/analytics requests in addition to eDiscovery and Managed Document Review projects.

I am truly delighted to be working with Reveal Brainspace – an intelligent integration of the best tools that delivers ease of use and pragmatic workflows for users

Lisa Burton, CEO Digital Risk Experts

Digital Risk Experts selected Reveal’s eDiscovery solution because it allows for the frictionless automation of key eDiscovery processing, data analytics, utilisation of sophisticated artificial intelligence models for review, compliance and more – all of which can be used across their operations.

Lisa Burton, CEO of Digital Risk Experts said “As a Legal Technologist for 25 years and having worked with all of the eDiscovery platforms, witnessing the growth of the TAR, CAL and AI technologies in the space, somewhat tested under the stringent eye of UK Courts, I am truly delighted to be working with Reveal Brainspace – an intelligent integration of the best tools that delivers ease of use and pragmatic workflows for users – and one that the team at Digital Risk Experts is proud to offer in our suite of top products.”

Digital Risk Experts is one of more than 36 organisations that have selected Reveal’s AI-powered solutions since the start of 2021. The influx of new client wins for Reveal reflects the growing demand for what the company is offering – frictionless automation of custom eDiscovery workflows.

These new, strategic partnerships come on the heels of other significant moves made by Reveal shaping the legal industry. In less than six months, Reveal has merged with the two leading AI solutions, Brainspace and NexLP – catapulting the company to its position as the largest legal-focused AI provider globally. Reveal’s customers include the leading legal service providers, law firms, corporations and government agencies around the globe.

Why M&A needs data due diligence

Tue, 03 Aug 2021 15:32:00 GMT

Let’s talk about due diligence in the Mergers & Acquisitions process. Most people know it contains financial due diligence, commercial due diligence, legal and often environmental due diligence.

However, in an increasingly digital age, where data is or can be as valuable as what the business does itself, the one facet of diligence that is lacking, at present is DATA due diligence.

The Global M&A market in 2020 was $3.7trn, and in the UK it was valued at c£350bn.

In a survey by EY, 57% of CEOs said they would consider an acquisition in the next 12 months as a means of growth. The M&A and transactions market is expected to be buoyant in the next 1-3 years. But set this against an increasingly disturbing cyber risk landscape:

Ransomware attacks have increased by 195% on 2019 levels, and will only continue to increase;
Cost to UK companies alone in 2020 was c£350m of malware and ransomware attacks. Globally that is estimated to be a $20bn problem;
80% of cyber breaches/security threats are generated through insider threats; and
90% of data is “dark”. What does your business know about the data it generates at present?

Data due diligence helps identify any gaps in a company’s IT, data and security packages where ransomware and malware programmes could enter the system

GDPR and data protection has recently focused the need for companies of all sizes to be ever more mindful of its customers’ data protection, and also of the opportunity to recognise the potential to their businesses of accessing, harnessing and understanding and using their customers’ data. This can enable them to anticipate sales trends, and tailor sales and product/service offerings that are more targeted and have a higher chance of stronger take up from customers.

From an M&A perspective, the benefits of data due diligence are:

Helps identify in the early stages any gaps in a company’s IT, data and security packages where ransomware and malware programmes could enter the system – enabling them to be “plugged” before any attack;
Avoids having to pay ransom and be held hostage, taking management time and focus in dealing with the attack, thereby not running the business;
Avoiding an attack avoids current and future insurance issues and disputes with insurers;
Avoids data breaches/fines/reputation issues and hits to confidence, and for publicly listed companies, a severe potential knock-on share price that would far exceed any fine/ransom or insurance issue;
For acquisitive companies or Private Equity houses backing corporate acquisitions, it will also protect and enhance exit multiples when the business is eventually sold – less opportunity for an acquirer to price chip/put forward a disadvantageous deal structure on acquisition (such as consideration being held in an escrow account for a long period of time, and turning into quasi earn out consideration)