Thomson Reuters, Pillsbury, FireEye Align to Provide Cybersecurity Compliance Program

Spurred by the growing and often contradictory cybersecurity regulatory burden facing companies, Thomson Reuters, Pillsbury and FireEye have formed an industry-first collaboration to help corporations meet new regulations and manage risk related to cybersecurity. In a release, the companies said this alliance affords institutions expertise and resources from a holistic, multi-pronged approach to cybersecurity risk assessment and due diligence that combines legal counsel, technical assessments and legal managed services to help meet a variety of internal, external and regulatory standards.

The release continues:

As targeted attacks become more sophisticated, complex and commonplace, organizations cannot rely on the patchwork of industry standards to use as a base for their cybersecurity or risk management program. Each organization should determine its own risk and address any issues or concerns before a problem arises. However, even a casual review of the news shows that many organizations are not meeting this seemingly minimal obligation with widespread success.

The alliance between Thomson Reuters, Pillsbury and FireEye provides the resources and guidance organizations can rely upon to help manage cyberrisk, especially as additional regulations in this area expand and evolve. Pillsbury, a leading international law firm, will help companies navigate the myriad regulations, standards and guidelines they face as well as provide them with legal counsel related to compliance and risk management. The Thomson Reuters Legal Managed Services team will leverage its experience and efficient processes to review contracts and agreements with third-party suppliers and assist in implementing key changes to such processes or agreements advised by Pillsbury. FireEye, an industry-leading cybersecurity company, will perform the technical risk assessments, advanced testing and response readiness to help each organization’s defense posture match the threats to their specific industry and operations.

“Cyberthreats and the regulations created to counter have grown incredibly complex,” said Brian Finch, partner and co-chairman of Pillsbury’s privacy, data and cybersecurity practice. “With that in mind, it is essential to bring multiple perspectives and skill sets together in order to attack the problem. The recently released cybersecurity regulations from the New York State Department of Financial Services cemented our belief that no one organization can fully assist a company in protecting itself from criminal attack and regulatory obligations. The opportunity to work with industry leaders like FireEye and Thomson Reuters to help companies solve those multiple objectives is a truly exciting one.”

Rich Stegina, vice president of Strategic Partnerships at FireEye, commented, “FireEye provides our clients with a global team of experts that can assess an organization’s cybersecurity situation via a range of pre-breach service offerings specific to the needs and goals of that organization. By strategically partnering with leaders in the legal industry — Pillsbury and Thomson Reuters — we can address the complex cyberthreats that the market and specific organizations are facing.”

Christy Weisner, director of Thomson Reuters Legal Managed Services, noted that a key element to this offering, and any cybersecurity risk assessment program, is the analysis of third-party agreements for gaps and degree of risk. “Our Legal Managed Services group at Thomson Reuters already supports clients across all sectors with ongoing contract lifecycle management and compliance solutions, and this alliance ensures clients receive a comprehensive team to address cyberrisk. Our managed services experts will evaluate each contract that involves client data or information systems and, following Pillsbury’s guidance, assist in renegotiation and redocumentation if needed.”

The Federal Reserve Board, the Federal Deposit Insurance Corporation and the Office of the Comptroller of the Currency are considering applying enhanced standards to address this issue for a sensitive and critical area of the U.S. marketplace. Additionally, the New York State Department of Financial Services recently issued regulations in “Cybersecurity Requirements for Financial Services Companies.” Covered entities must adhere to a wide range of cybersecurity requirements, including the establishment of a cybersecurity program and ensuring that third-party service providers are holding information in a secure manner.