Stephen Stewart is Chief Technology Officer at investigations and cyber security software company Nuix. I talked to him at Legaltech New York about the ever-wider uses for eDiscovery skills and tools, about the uses for artificial intelligence, and about our transition from investigating the past to confronting unwanted activity as it happens.
Stephen Stewart said that AI and technology-assisted review are “rehashed algorithms from 30 years ago”. TAR addressed an existing problem – the time and cost of eDiscovery review – and made it go faster.
Artificial Intelligence is used to solve particular problems and to open new possibilities – not just accelerating review, but enabling service providers to offer value beyond the purely reactive task of complying with discovery obligations. The chief of those values, Stephen Stewart says, is the application of business analytics to large stores of historic data. Many organisations have 10 years or more of data, and analysis of it can identify communications patterns and trends which, once identified, may improve the current business.
This may seem a long way from eDiscovery, but it is one step in a long continuum as people find they can do more and more useful things with data. eDiscovery is necessarily dealing with events of the past. The need to tackle cyber security risk involves taking eDiscovery skills and tools and applying them to current circumstances. The “bad guys” are in and out in five minutes, and we need to see what is happening right now to understand and address the problems this causes.
I asked Stephen Stewart who the buyer is as threats and roles have changed. One of the issues in the past has been that needs have been distributed between different parts of an organisation and between different budget holders, which has made it hard to establish the benefits to the entire business and to find budget to deal with it.
Stephen Stewart has seen an evolution of the roles within an organisation. The tasks that previously sat variously with IT, legal and other groupings are now all moving to the Chief Risk Officer, a higher level role with direct access to the board.
Cyber security risk, the GDPR, and other developments are forcing organisations to get their houses in order. The long-standing requirement to know what you have got and who has access to it acquire real significance in the face of cyber attacks and increased regulatory pressures. The lawyers are part of the team, working with others to face growing risks and to find new opportunities.