PierFerd’s Panensky says newly-launched law firm offers “happiness” and “freedom”

Pierson Ferdinand is among the biggest legal start-ups in history, launching with over 120 professionals in January, and according to a partner in its cybersecurity practice Stu Panensky, the launch was motivated by offering staff “happiness” and freedom”.

The Insurer broke the news in December that the launch of the new national full service corporate law firm was in the works, and that the new venture would be a “virtual law firm” with limited brick-and-mortar spaces.

It describes itself as “technology-driven”, and handles all manner of business and legal affairs, such as corporate litigation and intellectual property services, with an ambition to “maximise” client experience.

“The thing that we sell to other lawyers is happiness and freedom, so we don't have a minimum billable hourly requirement, and we really let the partners drive their own practices,” Panensky said, speaking to The Insurer TV on the sidelines of Net Diligence’s Cyber Risk Summit in Miami Beach this week.

Panensky said that PierFerd didn’t “set out” to be among the biggest legal firm launches in history, but that the team is “proud” that it turned out that way.

“Giving that freedom and responsibility to partners is very liberating [for] partners that are used to a big law type of mentality. And so we think we have a lot to offer partner-level attorneys and hope that we will be growing into the AM Law 200 and 100 in a very short period of time,” the cybersecurity expert explained.

Panensky said that clients have “embraced” the law firm’s launch “with open arms” and have followed the attorneys to their new practice.

“We're here at Net Diligence to fully connect with our clients on a human [and] personal level, and so far, it's been great. I can't believe it's only been a month, but we're killing it. It's awesome,” Panensky said.

Fourth-party liability a rising concern

The incident response lawyer also discussed the latest breach trends, including highlighting the growing threat of third- and even fourth-party claims, where parties that clients interact with indirectly are suffering breaches that ultimately impact’s Piersen Ferdinand’s immediate clients.

“That could be both upstream…[where] one of my clients’ vendors have a problem and then that problem has trickled downstream to my client, or there's some instances when the problem happens downstream and it's one of my clients’ distributors or customers that has an incident that adversely affects my client,” Panensky said.

The legal executive said he and his team have been “wrestling” with “different permutations” of that issue in the last 12-14 months, adding that the issue of such indirect vulnerability brings “an extra layer of complexity”.

“It's nearly impossible for my client, with all the risk management skills that they might have, to predict the risks associated not only with their vendors, but their vendors’ vendors,” he said, calling it ”very challenging”.

“We've been dealing with this not only from an incident response perspective, where [we’re] trying to counsel our corporate clients in the so-called ‘peacetime risk management [stage]’, and anticipating such issues as part of a strategy, and in preparation for a potential loss.

“Don't think only about your IT vendor, but who are they doing business with? Are they with Amazon? Or are they with some smaller, maybe [less] reliable product?” Panensky said, laying out exposures that clients need to anticipate.

Lone wolf threat actors pose a growing threat

The Pierson Ferdinand lawyer said clients face a particular challenge in dealing with “lone wolf” threat actors who may not be as reliable or organised.

“The incident response in those situations becomes more challenging, because there's less reliability on what's going to happen,” Panensky noted, saying that for outside counsel, there is greater difficulty in making accurate predictions with lone wolf threat actors versus more organised and more publicised attackers.

Panensky added that in those cases incident responders face other challenges, including the potential for incidents to escalate into physical threats, citing at least one example where a victim has been “swatted”, where emergency responders like police react to a physical threat.

The cybersecurity lawyer said threat actors will take such measures “to show that they are serious”.

“So this is real life. And I'm not the only one, I've noticed that there's been some other commentators commenting on that relationship between the virtual realm and the physical realm. And at what point does a ransomware threat actor or an extortionist cross over to that physical threat area? And at what point? How do we handle that from an IR perspective?” Panensky commented.

“So those are all open issues right now.”

Watch the full interview with The Insurer TV and Piersen Ferdinand partner Stu Panensky to hear more on:

  • The maturation of incident response and how victims are getting better at responding to breaches;
  • How incident response is becoming more efficient as practitioners adopt lessons learned from the surge in threat activity in recent years;
  • The evolution of cyber insurers and how carriers are becoming increasingly sophisticated in their approaches to cyber;
  • And more…