DLA Piper, one of the world’s largest law firms, is getting into the cybersecurity business, a rapidly changing field that is pushing the legal industry to experiment with ways to help businesses dealing with the complexities of security regulations.
The law firm plans to announce Monday the creation of a new subsidiary, Blue Edge Lab, its first foray into non-legal work.
Blue Edge Lab consists mainly of a subscription software service called CyberTrak, which will be sold to companies for $25,000 a year. It is essentially a guide to cybersecurity-related laws and regulations around the world, covering 23 countries. Within the United States, the service is tailored to support four major sectors: government contracting, energy, financial services and health care. The program summarizes legal requirements in each jurisdiction and assesses the risk of enforcement in those jurisdictions.
DLA Piper owns Blue Edge Lab, which has a 50 percent stake in CyberTrak. The other 50 percent is owned by the nonprofit trade group Internet Security Alliance, which partnered with DLA on the project. The trade group represents more than 20 companies across several industries, including financial services and government contracting.
The new service replaces what would normally cost hundreds of thousands of dollars for attorneys to research the same information.
Larry Clinton, president and chief executive of the Internet Security Alliance, said he has heard “horror stories” about companies attempting to introduce new products or doing mergers and acquisitions that had to contact several law firms in various jurisdictions because cybersecurity laws vary across states and countries. The purpose of CyberTrak is to simplify that process, he said.
“This information is useful to many different areas of a company, not just the general counsel’s office and the IT office,” Clinton said. “It provides an efficient way for entities to provide information to upper management who are considering broader business issues like new product launches and partnerships. We’re providing information that we think enables them to carry on business practices more efficiently.”
In terms of DLA Piper’s behemoth business, the project is minor. DLA Piper earned $2.48 billion in revenue in 2013, and the firm’s leaders say they will be happy if CyberTrak brings in $1 million over the next two years.
“It’s an ancillary business,” said attorney Vincent Sanchez, who co-chairs DLA Piper’s technology, sourcing and commercial practice. “We’re looking at new ways to provide products and services to our clients that may not be of the traditional law firm model.”
Sanchez and Jim Halpert, co-chair of DLA Piper’s U.S. cybersecurity practice, led efforts from the law firm side.
Clinton said the idea for the service was first considered several years ago, but at the time, cybersecurity laws weren’t developed enough.
“There weren’t enough laws and regulations originally to make a business of it,” he said. “But we have long since passed that threshold, we have lots of laws and regulations now, many are conflicting and create new problems.”
Forty-seven states and D.C. have enacted data breach notification laws, but they vary in content and complexity, so corporations that have employees and customers in many states and countries often struggle with how to meet all of them.