But why would someone hire a law firm as an RPO?
Law firms offer several advantages as an RPO.
Government contractors frequently have existing, and sometimes extensive, cybersecurity obligations. The legal consequences for a failure to meet those obligations can be severe. The federal government has pursued False Claims Act cases related to insufficient cybersecurity. Other enforcement agencies have pursued claims related to cybersecurity, going to so far as to put at least one company out of business. Civil litigation is also a concern.
Law firms are well positioned to evaluate clients’ compliance efforts in a confidential manner. Organizations that are unsure about whether they currently meet their obligations should retain legal counsel to evaluate their obligations and assist in improving their cybersecurity posture, if necessary. These efforts may be protected by attorney client privilege and work product protection, which is especially important in the wake of a data breach.
Law firms are also well positioned to link a cybersecurity program into broader corporate governance, including the controls necessary to protect company executives from personal liability. Cybersecurity is the responsibility of senior leadership in any organization, and cybersecurity failures can be attributed to leadership, both at publicly traded companies and private entities.
Finally, cybersecurity often impacts other legal disciplines, such as licensing, employment, and intellectual property. Having a single entity capable of advising on all these interrelated concerns can be more cost effective, provide more consistent and effective guidance, and reduce stress, especially for small businesses.
By combining law firm expertise and the training necessary to become an RPO, Centre is well positioned to advise clients on cybersecurity generally and CMMC compliance specifically. Many clients find it useful to start with a small, discrete engagement, such as a tabletop exercise or a risk assessment, before engaging in a more long-term partnership.