Business & Practice

New Integreon Cyber Incident Team Already Making Millions (1)

Sept. 19, 2019, 7:40 PMUpdated: Sept. 20, 2019, 10:10 PM

Integreon Inc. officially launched a cyber incident response team that it has been building since early 2018 and has already pored over documents related to more than 300 data breaches.

The cybersecurity business unit is projected to bring in about $8 million in revenue this year, said Jen Olmsted, vice president of sales for the Cyber Incident Response team. It is one of the fastest-growing business lines at the alternative legal services provider, which is well-known for providing clients with outsourced litigation review.

Olmsted, a former director of Thomson Reuters’ managed services business, said she joined Integreon in April last year to build the data breach response practice. The practice brought in $2.5 million in revenue in 2018, and now draws on a team of more than 500 data review specialists from offices around the globe, she said.

Integreon’s service is different than some cybersecurity response teams because it does not perform forensic investigations of breaches. It provides the process and labor to review the documents and data that result from a breach, Olmsted said, drawing on the company’s longtime litigation review business. That review informs which individuals need to be notified of the incident.

“It is not the sexiest portion of a data breach,” Olmsted said. You have to make sure the incident has been contained. But it’s still a crucial part—notifying customers they have been involved in a breach. “The government says they have to do this and if they don’t have it 100% correct, they can be sanctioned,” she said.

Governments have passed a slew of data privacy laws in recent years that require companies report data breaches. The European Union’s General Data Protection Regulation requires notification within 72 hours of a data breach’s discovery. U.S. states have a hodgepodge of rules.

The Integreon team has primarily partnered on projects with Charles River Associates’ cybersecurity investigators, Olmsted said. Other cybersecurity investigations and review firms include Kroll, UnitedLex and Epiq.

Alternative service providers are often viewed as law firm competitors, but that is not the case here, according to Olmsted. She said Integreon’s review team works alongside law firms’ cybersecurity practice groups that have been hired to advise on the legal ramifications of breaches.

There appears to be opportunity for experts who can help companies recover from breaches. According to a study released this summer from the Ponemon Institute and IBM Security, the average cost of a data breach to U.S. companies has grown by 130 percent since 2006.

The new cyber team is Integreon’s second new service line launched this year. The company in June launched a subpoena processing and compliance business.

Integreon is a sponsor of Bloomberg Law’s Big Law Business.

(Clarifies description of the use case and nature of the review process as described in the fourth and fifth paragraphs)

To contact the reporter on this story: Roy Strom in Chicago at rstrom@bloomberglaw.com

To contact the editors responsible for this story: Jessie Kokrda Kamens at jkamens@bloomberglaw.com; Rebekah Mintzer at rmintzer@bloomberglaw.com

To read more articles log in. To learn more about a subscription click here.