Typically, you wouldn’t automatically think of law firms when it comes to digital transformation. However, given the evolution of technology in industries the world over, that perception could be changing. Take Irwin Mitchell as a case in point. The company has undergone a significant digital transformation since Graham Thomson, Chief Information Security Officer, took the helm in June 2017.
Indeed, Thomson arrived at the business on the back of a disruptive cybersecurity incident a few months prior. The board had decided they needed to address the issue to prevent it from happening again. Thomson’s first action was to review the current status. He created a three-year strategy to work out what needed to be achieved, how and when.
“In order to achieve rapid and effective cybersecurity strategy development and implementation, you need the collaboration and commitment of numerous stakeholders,” he says. “With robust security foundations established, the focus shifts towards maintaining constant visibility of all assets, and progressively enhancing the protective and detective measures.”
People-Centric Digital Transformation
Thomson believes Irwin Mitchell is much more than a traditional law company. He affirms its competitive advantage is its customer-centricity and drive to leverage technology while putting people first during digital transformation.
“We’re far more than just a law firm,” he says. “I think what sets us apart is that we’re very people focused and an organisation that genuinely cares about not only our clients but our people too. People are your biggest asset, and you have to look after them. Our culture is very important to us, and we’ve become very flexible after COVID-19 which makes a big difference and allows people to work around their own needs as well that of our clients.”
In the early days of his tenure, Thomson realised the importance of implementing a control framework. To address all the risks identified, Thomson set about creating his own control framework with a blend of the top hard-hitting controls that really make a difference from a variety of other international offerings.
“You work through those as part of your strategy,” he continues. “That means identifying the risks, listing the mitigating controls, and then building the projects to implement them. But you need to ask yourself what’s the overall cost of all that and does it require new vendors? You need to win the budget and then talk to your vendors and negotiate. None of these things happen by chance so you’ve got to drive it to deliver on time and within budget.”
Innovating with secure technology
A former military intelligence operator, Thomson is a proven innovative information, cybersecurity and technology leader with a wealth of experience in multiple industries, including finance, online retail, manufacturing, and legal. His unique approach to information security, known as the “Lead, Identify, Protect, Detect, Respond, Recover & Learn” methodology, has allowed him to excel in creating effective risk-based security frameworks that can safeguard any organisation. Thomson is passionate about giving back to the community through education and engagement and he harbours goals to blend modern security theory with practical, hands-on experience to ensure that security makes sense to colleagues and empowers businesses to operate and grow securely through technology.