A rarity 10 years ago, chief information security officers (CISO) are now being given a seat at the table at e-discovery companies as such organizations look to grow their clientele and services. 

To Sundhar Rajan, who's held the CISO position at e-discovery company Casepoint for nearly seven years, CISOs in peer companies have become the norm over the last eight years. For people in this role, the common task is to align their e-discovery company's goals with the need for security.

“Client data is the heart of the game,” Rajan said. “They need to be very careful about it and that they are responsible about it.” He added, “If anything happens to the client data our [company] reputation will be ruined in the market.”

Computer forensics and e-discovery services provider HaystackID also recently added a CISO to its ranks when it promoted former president of forensics John Wilson to the newly created position.

“The role is pretty much like most locations in making sure you have the security programs and audits in place,” Wilson said. “The workflows and processes that protect the business as well as being able to provide that guidance to our clients is probably the other key factor.” 

To be sure, assisting clients through compliance and data breach discussions has become an emerging service for e-discovery companies, and one that CISOs can help promote.

Cybersecurity, e-discovery and privacy staffing firm TRU Staffing Inc. founder and CEO Jared Coseglia noted the coupling of legal services and cybersecurity are causing e-discovery companies to expand their services.

“There is a collision and convergence happening between e-discovery, information governance, security and privacy that … [presents an] opportunity for e-discovery vendors to expand their services and prowess,” Coseglia said.

He added, “I think a CISO can be weaponized into a sale function [by talking] to clients about how they handle security.” 

Along with potentially greater access to clients, the CISO brings a cybersecurity perspective to the c-suite of a company, an added bonus for deploying security measures.

“You need to have that direct connection to the C-suite,” Wilson said. “Being able to have that direct connection for taking on threat responses, getting that budgeting to address those new vulnerabilities is very critical.”

As e-discovery companies see the opportunities for more cybersecurity work with clients and CISOs see the benefits of having a voice in the C-suite, could more CISO titles be ahead? When asked, recruiter Coseglia hesitated to call it a growing trend.

Instead, he said that while some e-discovery companies may not have the official CISO role, they have employees with similar CISO responsibilities that include managing data security for the company and client. The reasoning for officially bestowing the title could be part of a larger push to further brand itself as a security-minded company.

“Vendors may look to bolstering their security staff not only to better their client and organization [but] show the marketplace how seriously they take security,” Coseglia said.