Connie Brenton, VP of Law, Technology and Operations at NetApp, recently showcased some findings from an ambitious undertaking, NetApp’s Outside Counsel Cyber Assessment Project.

At the heart of the assessment was concern that despite the importance of vendor management in cybersecurity programs, law and other professional services providers have avoided being deemed “vendors.” “In doing so,” Brenton writes, “law firms have flown under the cybersecurity radar because only ‘vendors’ typically undergo cybersecurity reviews as a part of corporations’ procurement teams’ onboarding process.” Thus was launched a rigorous effort to get a comprehensive view of how law firms, big, small and in between, handle security of their networks, data and systems. The result is a fascinating roadmap for assessing the security of outside counsel, along with some surprising results (e.g., more than a third of firms confirm that fourth parties had access to NetApp data). Check out Brenton’s summary here.