Phoenix Business Solutions is launching a new cybersecurity, compliance and information governance (CCIG) division to advise and train firms on how best to protect and gain value from their data.

The London-headquartered company, which is known for its work in the global enterprise content management sector as a key iManage partner, is in the process of hiring a dedicated cyber team and will shortly announce a number of new partnerships with cybersecurity vendors.

The CCIG division will offer clients a range of cyber security and information governance solutions and services, including behavioural analytics; compliance and policy management; threat identification, security information and event management; and consultancy and security awareness training.

Speaking to Legal IT Insider, Jason Petrucci, who took over as CEO of Phoenix in February, said: “Part of our strategy is to do more for our clients. Historically we have focussed on content: where it lives, how it is managed and predominantly around the iManage suite. But the strategic challenges that law firms have been trying to overcome have largely been achieved – they’ve taken unstructured content and data and got it under control.

“The key now is helping them to become aware of the risk of what they have. Law firms hold stuff they shouldn’t hold; they don’t always know what data they have got or where it should live. Our goal is to help them deal with the security aspect.”

He adds: “We’re not intending to become a hardware reseller but we’re identifying strategic pieces of technology that address security and compliance issues.

“With regard to GDPR, we’re the custodians of data within law firms and GDPR presents serious risks. There are challenges that firms are still not able to address because they don’t have the right process in place. We’re identifying solutions that help them address that.”

Phoenix will be looking at security solutions around ransomware and Petrucci said: “The Association of Corporate Counsel have been very specific in terms of what security law firms should have in place to provide legal services but hundreds are not nearly ready to meet that assurance.”

Longer term, Phoenix is hoping to offer a managed service to deal with security incidents on firms’ behalf. Petrucci says: “Our challenge is that there is perception that we are the ECM guys and the iManage guys but this is a natural, progressive step. CIOs now have a pretty decent platform and we look after that and do their upgrades. The bigger challenge for them is their clients bashing the door down saying ‘how can you prove my data and matters are secure and we’re not going to have another Panama Papers moment?’ It’s not a tech issue, it’s a business, boardroom issue and law firms need to understand that.”