The Rising Cost of Compliance: How Information Technology, Security, and Insurance Requirements Impact Diverse and Women-Owned Firms

Authored by Lindsay D. Dragon, Esq. of Wright, Finlay & Zak, LLP
In recent years, large corporations have increasingly imposed stringent information technology (IT), security, and insurance requirements on their outside legal counsel. These requirements, designed to protect sensitive data and ensure compliance with evolving regulatory standards, are non-negotiable for many clients in today’s highly scrutinized business environment. However, these same requirements can pose significant financial and operational challenges for smaller, diverse, and women-owned law firms, creating a barrier to entry that runs counter to the corporation’s diversity and inclusion goals.
The Impact of IT, Security and Insurance Requirements on Smaller Firms
Many corporations now require their outside counsel to maintain robust IT systems that meet specific cybersecurity standards. These may include implementing advanced encryption, multifactor authentication, frequent system audits, and real-time data breach monitoring. While these protocols are essential for protecting both the client’s and the law firm’s confidential information, they come with substantial financial and technical burdens. Smaller firms, especially those that have not previously had the resources or infrastructure to invest in such systems, often face significant challenges in complying with these demands.
In addition to IT and security measures, corporate clients require their outside counsel to carry a variety of insurance policies, including professional liability insurance, cyber liability insurance, and general liability insurance. These insurance policies are designed to protect both the client and the law firm in case of errors, data breaches, or other unforeseen incidents. Smaller firms, which typically have lower policy limits with affordable premiums, are now being required to obtain larger policies with higher premiums. Thus, while insurance is a critical risk management tool, the premiums for such policies pose an expensive obstacle for smaller firms.
Many of these smaller law firms emphasize diversity and inclusion. For these firms, meeting these heightened IT, security and insurance standards can be costly. Small law practices, which are already operating with limited margins, may struggle to cover the initial capital outlay required for security upgrades and to maintain compliance with ongoing monitoring and auditing requirements. The ongoing maintenance and insurance costs related to these requirements further compound this financial strain, creating a situation where the economic demands of compliance outweigh the ability of smaller firms to compete for major corporate contracts. As a result, diverse law firms may be excluded from major corporate engagements despite their qualifications and commitment to high-quality legal services, which undermines corporate efforts to promote diversity and inclusion.
Diversity and Inclusion Goals vs. Practical Barriers
The gap between diversity goals and practical barriers is widening as large corporations increasingly require compliance with stringent IT, security and insurance standards. As a result, the very firms that many corporations seek to support—those that are smaller, women-owned, or diverse—are being priced out of competing for significant legal engagements. This dynamic creates a challenging environment for diverse firms striving to grow and establish themselves in a competitive legal market.
Larger businesses focused on DEI would benefit from recognizing that, despite their well-intentioned efforts to comply with evolving regulatory requirements, they may unintentionally hinder their goals of engaging minority and women-owned law firms. One potential solution is for businesses to adopt a phased approach to compliance, allowing smaller firms more time to meet IT, security, and insurance requirements. Rather than enforcing immediate and full compliance with stringent standards, businesses could gradually increase requirements as more cases or files are referred. This would give smaller firms the opportunity to build toward full compliance without facing immediate financial strain. Additionally, instead of imposing a fixed minimum insurance policy limit on outside counsel, businesses could tailor the limits based on the size of the firm or the volume of work being referred. By implementing these adjustments, businesses can better align their compliance goals with their diversity and inclusion objectives, fostering greater opportunities for diverse law firms while maintaining high standards of legal and regulatory adherence.
Conclusion
While the implementation of robust IT, security, and insurance measures is essential for mitigating risk and ensuring compliance with data protection standards, these requirements can have a disproportionate impact on smaller, diverse, and women-owned law firms. The financial and operational costs of compliance create significant barriers for these firms, potentially undermining the corporate commitment to fostering diversity and inclusion in the legal industry. As businesses continue to prioritize these compliance standards, the unintended consequences for diverse firms must be recognized, as these requirements increasingly limit their ability to compete for high-value corporate engagements.
If you have any questions about this article, please feel free to contact Lindsay Dragon at [email protected]. Lindsay Dragon is a Senior Associate Attorney at WFZ’s Nevada office.
Disclaimer: The above information is intended for information purposes alone and is not intended as legal advice. Please consult with counsel before taking any steps in reliance on any of the information contained herein.