Some of the biggest cyber risks to your organization aren’t on laptops or servers— they’re lurking behind walls, hiding in utility closets, or humming away on rooftops. And they’re easier to overlook than you might think.
The convergence of an organization’s physical infrastructure with its digital systems is significantly altering the risk landscape, as Chris Pogue of cybersecurity and cloud services provider CyberCX, writes in his cover story for us. Building management systems, access control panels and operational technology are all connected to the network, representing a host of vulnerabilities.
“For years, legal teams have focused on the cybersecurity risks of traditional IT systems: laptops, servers, email, cloud. That’s understandable. That’s where the headlines, governance, risk and compliance regimes and security frameworks usually point,” Pogue writes. “But increasingly, the initial compromise doesn’t start in the server room, it starts in a boiler room, or a maintenance closet, or a rooftop HVAC unit with systems that were never designed with security in mind.”
Pogue goes on to analyze these threats and explain what legal teams need to do to get ahead of these risks. It’s an important read for any in-house counsel, especially those working for organizations with legacy building infrastructure.
Of course, not all threats are embedded in your walls. They can also surface in your contracts. Jeffery M. Cross, a columnist for Today’s General Counsel, looks at the latest twist in the noncompete saga after the Federal Trade Commission (FTC) dropped its appeals of two federal court decisions that had blocked its nationwide ban. Cross’ column examines what this development means for both employees and employers.
“With the FTC’s appeals abandoned, the focus now shifts to whether employees themselves can bring challenges under the antitrust laws—particularly Section 1 of the Sherman Act,” Cross writes. “If successful, such claims could entitle workers to triple damages and attorney’s fees, and in some cases be pursued as nationwide class actions.”
Be sure to read his story and dive into the complexities of this issue. Also, don’t miss out on the other articles in this magazine on topics like AI adoption in legal teams, the human side of eDiscovery, the challenges of crossborder data, the cost of legal friction, and the advantages of arbitration
We are sure you’ll find plenty of insight and inspiration to share with your team in this issue. As a reminder, this selection of articles represents just a small sample of the content we publish each day. Don’t forget to check our website regularly and follow us on LinkedIn and X for the latest updates.
Wishing you a wonderful holiday season and a prosperous 2026!
Amanda Kaiser Editor-in-Chief
STORY
DATA PRIVACY & CYBERSECURITY
SPONSORED
Presented by
DATA PRIVACY & CYBERSECURITY
11 From Terabytes to Timelines: How GCs Can Gain Control of Cross-Border Data
By Timothy LaTulippe and Hunter McMahon
Learn about a datacenter-style solution that ensures compliance with regional laws and standards.
8 The Overlooked Threat: How Legacy Building Systems Pose New Cyber Risk
By Chris Pogue
Systems once seen as isolated and harmless are now networked. Where there’s connectivity, there’s risk— especially with legacy building systems. PAGE 8
PAGE 11
13 AI Adoption
101: How to Treat AI Like a New Colleague on Your Legal Team
By Bärí A. Williams
Learn the best strategies for AI adoption and how to treat the technology like a new team member in terms of integration and onboarding.
SPONSORED | Presented by
LITIGATION
15
Why Arbitration Belongs in the Boardroom
By
Michael Marra
Dispute resolution is both a legal mechanism and business strategy.
INTERVIEW
17 LawVu’s David Lancelot Talks Research on the Cost of Legal Friction (Part 1)
Read the first part of an exclusive interview with LawVu’s CLO on the latest research tracking the cost of legal friction.
15
From IN PARTNERSHIP WITH ACEDS
21 The Human Side of eDiscovery: Building Teams That Blend Legal and Technical Skills
By Maribel Rivera
Learn why the human side of eDiscovery matters as much as the tools or workflows.
17
COLUMN THE ANTITRUST LITIGATOR WITH JEFFERY CROSS
19 Can Employees Still Challenge Noncompetes After the FTC Drops its Appeals?
By Jeffery M. Cross
The Federal Trade Commission (FTC) has dropped its appeals on noncompetes. Learn about the future of employee challenges.
EXECUTIVE EDITOR
Bruce Rubenstein
CHIEF OPERATING OFFICER
Stephen Lincoln
DIGITAL EDITOR
Catherine Lindsey Nienhouse
CONTRIBUTING EDITORS AND WRITERS
Jeffery M. Cross
Timothy LaTulippe
Michael Marra
Hunter McMahon
Chris Pogue
Maribel Rivera
Bärí A. Williams
EDITOR-IN-CHIEF
Amanda Kaiser
SENIOR EDITOR
Barbara Camm
FEATURES EDITOR
Jim Gill
MANAGING DIRECTOR OF CLIENT PARTNERSHIPS & INITIATIVES
Lainie Geary
WEB EDITOR
Jessica Bajorinas
ART DIRECTION & PHOTO ILLUSTRATION MPower Ideation, LLC
ACCOUNT EXECUTIVE
Stella Vargas
DATABASE MANAGER
Patricia McGuinness
EDITORIAL ADVISORY BOARD
Dennis J. Block GREENBERG TRAURIG LLP
Thomas W. Brunner WILEY REIN LLP
Mark A. Carter DINSMORE & SHOHL LLP
Jeffery Cross SMITH, GAMBRELL & RUSSELL LLP
Jamie Gorelick WILMERHALE LLP
Robert L. Haig KELLEY, DRYE & WARREN LLP
Robert C. Heim DECHERT LLP
Sheila Hollis DUANE MORRIS LLP
SUBSCRIPTION
Subscription rate per year: $199
For subscription requests, email subscriptions@todaysgc.com
David A. Katz WACHTELL, LIPTON, ROSEN & KATZ Nikiforos Iatrou MCCARTHY TETRAULT LLP
Steven F. Molo MOLOLAMKEN LLP
Robert A. Profusek JONES DAY
George D. Ruttinger CROWELL & MORING LLP
Jonathan S. Sack MORVILLO ABRAMOWITZ GRAND IASON & ANELLO PC
Victor E. Schwartz SHOOK, HARDY & BACON LLP
Jonathan D. Schiller BOIES SCHILLER FLEXNER LLP
REPRINTS
For reprint requests, email Lisa Payne: lpayne@mossbergco.com Mossberg & Company Inc.
All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information or retrieval system, without the written permission of the publisher. Articles published in Today’s General Counsel are not to be construed as legal or professional advice, nor unless otherwise stated are they necessarily the views of a writer’s firm or its clients.
To submit an article, go to todaysgeneralcounsel.com/submissions
The Overlooked Threat: How Legacy Building Systems Pose New Cyber Risk
By CHRIS POGUE
There’s a hidden risk humming quietly inside the walls of your buildings, and no, it’s not just your HVAC system. It’s the convergence of physical infrastructure with digital systems, and it’s happening whether we’re ready or not. From building management systems (BMS) to access control panels and operational technology (OT), the systems we once thought of as isolated, mechanical, and harmless are now connected to the
network. And where there’s connectivity, there’s risk—especially for legacy building systems.
For years, legal teams have focused on the cybersecurity risks of traditional IT systems: laptops, servers, email, cloud. That’s understandable. That’s where the headlines, governance, risk and compliance regimes and security frameworks usually point. But increasingly, the initial compromise doesn’t start in the server room, it starts in a boiler
room, or a maintenance closet, or a rooftop HVAC unit with systems that were never designed with security in mind.
OLD TECH, NEW PROBLEMS
Roughly 75% of commercial buildings in the US were built before 2000, according to Veridify Security. Most of them weren’t born “smart.” Instead, they’re being retrofitted with internet-enabled sensors, controllers, and platforms. The problem?
These upgrades often connect insecure, decades-old OT systems, like fire alarms, lighting controls, or badge readers, to modern IT networks.
It’s a Frankenstein situation: legacy protocols like BACnet and Modbus get stitched into modern architecture, sometimes without segmentation or authentication. Suddenly, a threat actor with access to your access control panel also has a potential pivot into your business network.
These aren’t hypothetical attacks. They’re playbooks.
A CAUTIONARY TALE: THE TARGET BREACH
In one of the most well-known breaches in cybersecurity history, attackers gained access to Target’s network through a compromised HVAC vendor in 2013. That vendor had legitimate access to internal systems. Once inside, the attackers moved laterally, eventually planting malware on point-of-sale terminals. The cost? Over 100 million records compromised, and estimated $290 million in fines and fees, and an enduring cautionary tale in vendor and OT risk.
The lesson is simple: if it’s connected, it’s exploitable.
QUIET SYSTEMS, LOUD CONSEQUENCES
OT environments were never meant to be secure, they were meant to be reliable. And that’s part of the problem. These systems often run on outdated software, with hardcoded credentials, poor patching practices, and little to no network segmentation. For years, they’ve flown under the radar of cybersecurity programs.
But they haven’t flown under the radar of attackers.
Recent breaches involving utility systems, industrial controllers, and building access panels all follow a familiar pattern: exploitation of overlooked systems to establish footholds. Once inside, attackers use the same tactics they’d use in a traditional IT environment, credential dumping, lateral movement, and data exfiltration.
A recent joint advisory from the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigations (FBI) highlights how even unsophisticated attackers are exploiting exposed OT systems to disrupt operations or plant ransomware. In one example, a threat actor exploited publicly accessible remote access software with default credentials. No zero-days. No sophistication. Just basic oversight with massive consequences.
THIS ISN’T JUST A SMART BUILDING PROBLEM
While smart buildings with high-end integrations get much of the attention, the real risk might be in the older ones. Buildings that were never designed to be digital are being dragged into the 21st century with retrofits that prioritize convenience over security. And with the growing adoption of remote management tools, many of these systems are now exposed to the public internet, and as previously stated, with default credentials still intact.
The risk is clear. Awareness isn’t.
The White House has increasingly acknowledged the risks posed by the convergence of cyber and physical systems. In June 2025, former Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger warned
that US infrastructure remains vulnerable to cyberattacks , noting that operational systems still lag behind traditional IT in security protections. For the commercial real estate sector, this includes building management technologies such as HVAC, lighting, elevators, and access controls.
Federal agencies, including the Environmental Protection Agency (EPA), Federal Communications Commission (FCC), and the Department of Health and Human Services (HHS), continue to expand sector-specific cybersecurity regulations, while policymakers emphasize stronger private-sector accountability in securing interconnected building systems that directly affect tenants and investors.
CISA AND THE FBI ARE PAYING ATTENTION
CISA and the FBI have issued multiple joint advisories in 2025 warning about threats targeting OT, BMS, and converged environments. The guidance is blunt: these systems are actively being targeted, not just by sophisticated nation-state actors, but by low-skill attackers exploiting default passwords and outdated software.
Among the key takeaways:
■ OT systems are being used as entry points for ransomware operations
■ Nation-state groups, particularly Iranian-affiliated actors, are targeting critical infrastructure through exposed building systems.
■ There’s an urgent need for secure-by-design principles in retrofit and new construction alike.
Prefer to read this online? Click here.
WHY LEGAL NEEDS TO LEAN IN
Legal teams have a critical role to play, not only in responding to breaches after they occur, but in proactively shaping how organizations manage cyber-physical risk. This begins with contract review: ensuring that third-party vendors responsible for building systems are held to appropriate cybersecurity standards. It also extends
From building management systems (BMS) to access control panels and operational technology (OT), the systems we once thought of as isolated, mechanical, and harmless are now connected to the network.
to policy alignment, verifying that incident response plans account for OT and physical infrastructure, not just traditional IT. Insurance policies should be reviewed to confirm they cover losses stemming from building management system (BMS) or OT compromise.
Just as importantly, governance must evolve to include the security function in conversations around facilities, construction, and retrofit planning. Many of these systems are procured and operated outside of IT’s oversight, often by facilities teams,
developers, or external integrators. Legal departments are uniquely positioned to bridge these operational silos, drive accountability, and embed cybersecurity considerations into all corners of the organization’s risk posture.
CLOSING THE GAP
Cybersecurity is no longer just about IT. It’s about doors, cameras, HVAC units, elevators, and lighting systems. The line between cyber and physical has all but disappeared, and with it, the illusion that some systems are too niche or too obscure to be targeted.
Organizations that continue to treat OT and building systems as “separate” from cyber risk are ignoring one of the most common attack vectors in today’s threat landscape. It’s not just the smart buildings that are vulnerable. It’s every building, and every device with an IP address.
The convergence is here. And the organizations that will weather it best are the ones that start treating every connected system, no matter how old, obscure, or operational, as part of their threat landscape.
Because the next breach may not come through a phishing email. It may come through your thermostat.
Chris Pogue is Director of Digital Forensics and Incident Response (DFIR) for cybersecurity and cloud services provider CyberCX in the Americas. A former US Army Warrant Officer with more than 25 years of experience in cybersecurity, he has led global breach investigations and advised executives on managing cyber risk. He also serves with the US Secret Service Cyber Fraud Task Force and FBI InfraGard NYC.
THOUGHT LEADERSHIP, INTERVIEWS, WEBINARS, THE LATEST LEGAL NEWS
BEST PRACTICES AND REAL WORLD SOLUTIONS FOR GCs AND IN-HOUSE COUNSEL
From Terabytes to Timelines: How GCs Can Gain Control of Cross-Border Data
By TIMOTHY LATULIPPE AND HUNTER MCMAHON | PRESENTED BY
THE PRESSURE ON GENERAL COUNSEL
In-house lawyers often work in and on the business. The goal is often protecting the organization, as well as providing quick and defensible insights on myriad issues, from regulatory to high-stakes disputes. So, what challenges are persistent, and what issues are on the rise?
• Cross-border investigations and disputes are no longer a rarity.
• Data volumes continue to rise, and their composition is becoming
more complex, including multilingual content and varied types of data, not just documents.
• Deadlines, anecdotally, are shrinking in some jurisdictions. Even where they remain static, the amount of data to consider, as well as its growing complexity still adds pressure to timescales.
GLOBAL DATA: THE NEW REALITY
Data is no longer bound to the physical devices on which they reside. Offices and server rooms in the
United Kingdom or Chicago look very different than even ten years ago. Cloud-based infrastructure, chat applications (including unsanctioned or unmanaged apps like WhatsApp), collaboration tools such as Trello, Asana, Slack, among many others, have transformed the landscape. Data is amorphous and scattered across packet highways that do not necessarily adhere to the data protection laws and expectations of all regions. This is not a novel concept, yet it resurfaces repeatedly as a tension between compliance and necessary access. For example, there may be a court order in an American jurisdiction that requires access to relevant data, while the user-custodians are located in Great Britain. This is a common scenario that is now well tested and handled; however, data protection rights attach to individuals, creating friction between the “so ordered” reality and an equally valid reality of rights on the other end.
THE SQUEEZE
Which regulator expects the fastest replies? Is it the SEC, SFO, or the CMA? The truth is all of them. Delay is no longer tolerated. Courts want speed. Boards want answers. And linear review simply cannot keep up.
DEFENSIBLE SPEED
Tools have been added to the workflow to help maintain this pace. “AI, AI, AI, AI”—there, it’s been said. Machine learning (ML) and similar capabilities enable the rapid reduction of extraneous noise in data and documents. The massive increase in data volumes does not always correspond to a proportional rise in relevance.
WHAT CAN TECHNOLOGY DO?
• Traditional: Reduce data volumes by identifying duplicates of all types.
• Traditional: Filter data by type, excluding items that are not of potential relevance.
• Traditional: Run search queries against the text of documents and data.
• Modern: Leverage machine learning to enable document scoring and prioritization using Technology Assisted Review and Computer Assisted Learning, (TAR/CAL).
• Modern: Extract entities without foreknowledge, such as names, national insurance numbers, addresses, and other identifiers.
• Evolving: AI-powered solutions can surface likely relevant information much faster. These tools do not replace document reviews for lawyers but assist in Rapid Fact Development, pointing case teams towards the most critical issues.
iDiscovery Solutions (iDS) has an international partnership with Nuix (ASX: NXL), which allows the firm to scale while maintaining these insights from the start. Deploying Nuix and its toolkits across global regions, notably in the U.S. and
Europe, enables minimal delay in implementing a full datacenter-style solution, while ensuring compliance with regional laws and standards.
HOW DOES THIS BENEFIT
GENERAL COUNSEL?
Engaging consultants who use the right technology enables:
1. Faster clarity, allowing boards and executives to make informed decisions.
2. Inoculation against regulatory or judicial scrutiny by leveraging defensible processes.
3. Greater efficiency for all stakeholders, for example, reducing the time needed for external lawyer reviews.
FUTURE-PROOFING THE
GENERAL COUNSEL’S PLAYBOOK
1. GCs need partners who can balance speed, global reach, and defensibility, while providing expert evidence and testifying when required. Finding partners who speak more than one language is also an advantage.
2. iDS, alongside Nuix, helps GCs shift away from viewing data as a burden to seeing data as a strategic advantage.
3. Challenge your organization to improve: future-proof your legal strategy by aligning data discovery with the realities of global data and compressed timelines.
HOW GCS CAN TURN GLOBAL DATA INTO STRATEGIC ADVANTAGE
The modern general counsel is under pressure like never before. Data volumes are exploding, crossborder complexity is the norm, and deadlines are shrinking. Traditional
Prefer to read this online? Click here.
review methods just can’t keep up. By harnessing AI, machine learning, and the right expert partners, GCs can move from reactive to proactive, turning data from a burden into a strategic asset. Organizations that act now, aligning data discovery with compliance, efficiency, and defensibility, will be the ones making faster, smarter decisions while protecting their companies in an increasingly complex global landscape.
iDS provides consultative data solutions to corporations and law firms around the world, giving them a decisive advantage – both in and out of the courtroom. iDS’s subject matter experts and data strategists specialize in finding solutions to complex data problems, ensuring data can be leveraged as an asset, not a liability. To learn more, visit iDSinc.com
Timothy LaTulippe is Managing Director, Europe of iDiscovery Solutions (iDS). He leads complex investigations across the US and Europe, working with government agencies, Fortune 100 companies, and Am Law 100 firms. He advises on data privacy, information security, and risk identification, and has helped develop proprietary software to support these efforts.
Hunter McMahon is the President of iDS. He leads a team of experts who provide industry-leading solutions for clients. McMahon has served as a testifying and consulting expert to corporations both large and small, while working with Am Law 100 and boutique law firms.
AI Adoption 101: How to Treat AI Like a New Colleague on Your Legal Team
By BÄRÍ A. WILLIAMS
For years, AI in legal felt more hype than help. Promises of “100% accuracy” fell apart when AI hallucinations made headlines in court filings. But things are changing. The technology is maturing. Speaking from experience, in-house legal departments are under growing pressure to execute strategic AI adoption—especially for tools that take on the tedious, repetitive tasks that slow business down.
When I think about adding AI to my department, I treat it like hiring a new team member. What role should
it play? How will it fit into our workflows? What guidance does it need to build trust over time? The key is knowing what AI does well, where human oversight is essential, and which decisions must stay with legal experts.
Here’s a four-stage roadmap to help lead your legal team through four stages of AI adoption:
STAGE 1: WRITING AI’S FIRST
JOB DESCRIPTION
If AI joined your team tomorrow,
what’s the first task you’d give it? I’d start with high-volume, rulesbased work—the kind that’s safe to automate but still matters if it’s done wrong.
Examples include:
■ First-pass contract review: Let AI review and redline non-disclosure agreements (NDAs), master service agreements (MSAs), and other standard agreements in minutes, not hours, so your team can focus on strategic matters.
■ Risk flagging: Have AI flag non-compliant terms or deviations from your playbook, then rank issues by severity so you know what needs attention first.
■ Deadline reminders: Use AI to track renewals, filings, and compliance dates so nothing slips through the cracks.
In-house legal teams often have backlogs of low-risk vendor agreements that slow down procurement. By deploying legal AI to handle the first-pass review, they can cut the turnaround time from days to hours, freeing up the lawyers to focus on high-risk negotiations and advising
the business on compliance for a major product launch.
STAGE 2: ONBOARDING AI INTO THE TEAM
Like any new hire, AI needs onboarding. That means introducing its role, setting expectations, and giving it the context to operate effectively. Key team members should “train” the AI on workflows and connect it to intake, review, approval, and close-out processes so its outputs land where the team already works. Remember, the goal is integration, not isolation. AI can centralize case data, automate updates, and coordinate assignments—becoming the connective tissue between legal, sales, procurement, and finance. Transparency is critical. If AI flags a risky clause, explain why; if it automates a step, show the logic. That builds trust and enables refinement.
For example, if AI is integrated into an intake portal, then contracts uploaded by sales or procurement can receive an instant AI review and produce annotated documents for the legal team. This eliminated endless email back-and-forth and gives business teams near-real-time contract visibility.
STAGE 3: MANAGING PERFORMANCE AND RISK
AI can move fast, but speed without standards is a liability. Treat AI like a junior colleague who still needs oversight. Set benchmarks for accuracy, compliance, and confidentiality. Use monitoring dashboards, audits, and feedback loops to track performance and improve results.
Not every legal task belongs to AI, and defining boundaries is critical. High-value deals and sensitive matters should remain human-led.
When legal ops runs monthly audits, compare the AI-reviewed contracts with the human-reviewed ones. Log discrepancies, refine rules, and route the more complex matters to the lawyers. This approach results in better overall performance and provides reassurance that automation doesn’t automatically introduce hidden risks.
Like any new hire, AI needs onboarding.
That means introducing its role, setting expectations, and giving it the context to operate effectively.
STAGE 4: DELEGATING IN THE ERA OF AI COLLEAGUES
Once trust is built, boundaries are set, and rules are in place, AI can graduate from handling isolated tasks to managing entire workflows within set parameters. For example, AI could manage the vendor contract renewal process, process standard NDAs without human review, or prepare quarterly compliance summaries for the executive team.
This is where legal leaders shift from hands-on oversight to managing a hybrid team of humans and AI. It also means preparing the organization with a readiness checklist:
■ Are there clear policies for AI use and accountability?
■ Did you define metrics that measure both productivity and compliance?
■ Does this contribute to a culture that values technology
Prefer to read this online? Click here.
while keeping human judgment at the core?
At this stage, you’re now ready to pilot the AI. One practical place to start is an AI workflow that manages contract renewals under $50,000 and escalates to humans only when counterparties request non-standard terms. This would free senior counsel to focus entirely on strategic deals and litigation matters.
MOVING BUSINESS FORWARD WITH LEGAL AI
AI won’t replace lawyers. The complexity and nuance of legal work demand human judgment. Rather, legal AI is about reshaping how legal work gets done.
When you start with the right tasks, integrate AI into your workflows, set clear standards and boundaries, and delegate with intention, you create a hybrid team that moves faster and works smarter. The result? A legal team that’s empowered to think, decide, and lead so they can move their businesses forward.
The question isn’t whether AI will join your legal team. The question is whether you’ll be ready to lead it.
Bärí A. Williams leads LegalOn’s legal and legal content teams. An attorney with 16+ years in tech transactions, she blends legal expertise with industry insight. Previously, she held pivotal roles at Meta (Facebook) and StubHub, shaping innovative legal strategies. Her email is: bari.williams@legalontech.com
Why Arbitration Belongs in the Boardroom
By MICHAEL MARRA | PRESENTED BY
In an industry defined by complexity, collaboration, and constant change, construction leaders have learned a crucial lesson: dispute resolution isn’t just a legal mechanism; it’s a business strategy.
For general counsel across sectors, that insight has never been more relevant. Whether managing a commercial partnership, a global supply chain, or a high-stakes acquisition, the same principles that keep billion-dollar construction projects
on track can help corporate legal departments prevent disruption and preserve relationships.
FROM RISK RESPONSE TO RISK STRATEGY
Construction projects are built on uncertainty—shifting site conditions, material shortages, and regulatory changes. Disputes are inevitable. What distinguishes successful construction companies is not avoiding conflict but planning for it.
That mindset has made the construction industry an early adopter of arbitration and other forms of alternative dispute resolution (ADR). “Because we are a not-for-profit institution, our primary mission is to educate chief financial officers, legal teams, and really the entire executive suite on the benefits of arbitration,” said Frank Rossi, executive vice president, chief operating officer, and chief risk officer of the AAA-ICDR.
Rossi notes that when organizations address dispute resolution during contract formation—rather than after conflict arises—they can align processes with business goals, budgets, and timelines. “We spend a lot of time helping people understand the value of a good arbitration clause and making sure they’re selecting the right process for their dispute,” he said.
The
advantages of arbitration are well-established — flexibility, privacy, industry expertise,
and speed. But what’s changing is who’s paying attention.
WHY ARBITRATION BELONGS IN THE BOARDROOM
The advantages of arbitration are well-established—flexibility, privacy, industry expertise, and speed. But what’s changing is who’s paying attention.
Executives are increasingly viewing arbitration as a component of enterprise risk management, not merely a substitute for litigation. “I’ve never seen a construction project without some sort of conflict,” said Karen Layng, CEO of M.A.I.T. Co. and chair of the AAA-ICDR Board of Directors. “To be able to parse through it, however, and have an ADR clause that can indeed appropriately get through an efficient, cost-effective, fair, and expedient resolution of the parties’ disputes is really, I think, what all parties are after.”
That same logic extends far beyond construction. In-house counsel in sectors such as technology, healthcare, and finance can apply a similar proactive approach—integrating arbitration into their contract strategy to ensure that, if disputes arise, the framework for resolution is already in place.
THE COMPETITIVE ADVANTAGE OF PREPAREDNESS
As legal departments face mounting pressure to manage costs, accelerate timelines, and safeguard reputation, arbitration offers a framework that supports governance and agility. Institutions such as the AAA-ICDR have developed dedicated rules, technology-enabled case management, and specialized panels tailored to industry needs. Tools like ClauseBuilder® AI (Beta) enable in-house counsel to create clear, enforceable ADR clauses tailored to the relevant industry as well as the complexity and risk profile of their agreements, thereby reducing ambiguity and the likelihood of procedural disputes later on.
These innovations reflect a larger shift: the convergence of legal strategy and business strategy. Forward-thinking organizations are moving dispute resolution from the margins of legal operations—often, an afterthought—to the center of enterprise planning, much as risk and compliance frameworks have matured over the past decade.
THE TAKEAWAY FOR GCS
For general counsel, the lesson from construction is clear: arbitration isn’t merely an alternative to litigation—it’s an opportunity to design an enforceable dispute-resolution process that serves the business.
By incorporating arbitration
Prefer to read this online? Click here.
clauses early, leveraging institutional expertise, and embracing technology -driven tools, GCs can transform potential flashpoints into predictable, manageable outcomes.
As Layng put it, “The ADR revolution—whether in construction law cases or the broader world—is critical. And the way to get that done, and most efficiently, fairly, and effectively, is through the AAA-ICDR.”
When done right, arbitration doesn’t just resolve disputes. It protects business continuity, preserves relationships, and reinforces the GC’s role as a strategic leader, turning conflict from a liability into a competitive advantage.
Michael A. Marra is division vice president of the American Arbitration AssociationInternational Centre for Dispute Resolution® (AAA-ICDR®), where he oversees global business development and outreach efforts. In this role, he leads strategic initiatives to expand the organization’s dispute resolution services worldwide and strengthen relationships within the corporate, legal, and public sectors. Marra is also a frequent presenter on alternative dispute resolution and its role in promoting fairness, efficiency, and effectiveness in resolving conflicts.
LawVu’s David Lancelot Talks Research on the Cost of Legal Friction (Part 1)
In today’s business environment, every function is under pressure to operate at peak performance. Legal is no exception. As organizations face growing regulatory complexity, economic uncertainty, and heightened risk, in-house legal teams are expected to serve not just as advisors but as strategic partners who enable growth and protect the business. Yet, many legal departments remain under-resourced and behind on digital transformation compared to their peers in finance, HR, or sales.
To better understand the business impact of this gap, LawVu commissioned International Data Corporation (IDC) to survey more than 350 business and legal leaders across the United States, the United Kingdom, and Australia. The research, entitled “Legal Friction: The Real Cost to Your Business,” sheds light on what IDC terms “legal friction”: the operational drag caused by inefficient legal processes and fragmented workflows within legal teams and between legal and business partners.
The findings are striking. Respondents reported that legal friction has contributed to delayed or lost revenue opportunities, higher outside counsel spend, wasted time, and even reputational damage from customer complaints.
The study also highlights a shared perspective: both business leaders and legal leaders agree that legal friction exists and materially impacts operations. Root causes include outdated processes, lack of technology adoption, and underinvestment in core legal tools such as matter management, intake systems, and enterprise legal management platforms.
At the same time, the research identifies opportunities. By embracing process improvements, better data usage, and modern technology, legal teams can reduce friction, free up resources for higher-value work, and strengthen collaboration across the business.
To unpack these insights and explore how legal teams
With 20+ years’ experience leading international inhouse legal teams, David Lancelot is Chief Legal Officer and Executive Vice President of Advocacy at LawVu. He is also an Adjunct Professor at the University of Florida College of Law, teaching International In-House Legal Leadership. Previously, he held senior legal leadership roles across technology, ecommerce, and media.
can translate the findings into action, Today’s General Counsel spoke with David Lancelot, Chief Legal Officer and Executive Vice President of Advocacy at LawVu.
The Q and A below reflects the first part of a three-part conversation on the survey results, the challenges of legal friction, and the opportunities for legal teams to reposition themselves as drivers of business value.
Based on the survey findings, legal friction is costing organizations millions annually. Can you break down the financial impact of legal friction in simple terms? Can you share a real-world example where outdated legal processes directly impacted business outcomes or growth opportunities?
David Lancelot: IDC surveyed more than 350 business and legal leaders across the US, UK, and Australia to understand how inefficient legal practices impact the business. What came through very clearly is that legal often doesn’t have the same operational mindset—or the resources to put in place the people, processes, and technology—that other functions take for granted.
Think about the evolution of enterprise functions: finance adopted SAP in the ’80s, sales got Salesforce in the ’90s, marketing moved to HubSpot in the 2000s, and
HR embraced Workday in the 2010s. Now, legal finally has dedicated tools, and legal operations as a profession is starting to change the game. But too many legal teams are still lagging.
That gap has real consequences. Business leaders, particularly CFOs, still tend to see legal as a cost center, asking how to reduce spend rather than how legal can accelerate outcomes. The reality is that modern tools like contract management, matter management, and intake systems can make legal a value driver. With the right data, legal can help speed up processes and align with strategic objectives. Without them, legal becomes a drag on the business, even if most executives don’t recognize the hidden costs of that friction.
The survey highlights that 70% of business leaders have bypassed legal processes altogether. What are the risks of this behavior, and how can legal teams rebuild trust and alignment across business units?
David Lancelot: I call this the “don’t tell legal” problem, and it’s dangerous. Early in my career, I actually overheard someone say it across the cubicles at a major e-commerce company. If people are actively avoiding legal, that’s a red flag.
The survey findings put real weight behind the risk: 11% of revenue has been delayed, and in some cases lost, because of inefficient legal processes. When I first saw that number, I thought, that’s huge. But when you consider how deeply legal is embedded across the business, it makes sense. At eBay, for instance, my team was plugged into everything, passing ideas and initiatives from Australia to Germany to South Africa. If we were slow, the business was slow.
So when you see that 11% figure, imagine what it would mean if you could unlock it, if you could capture revenue faster or prevent it from slipping away entirely. Every leadership team in the world would jump on that opportunity. The risk of bypassing legal is not just regulatory or compliance exposure; it’s missed growth, slowed strategy, and lost trust inside the organization.
The research points to legal teams being overburdened with low-value tasks. What role should automation and self-service tools play in shifting legal focus to more strategic activities?
David Lancelot: The report shows that legal professionals are spending roughly a day a week on administrative tasks. That means highly trained, highly paid lawyers are cutting and pasting between emails and spreadsheets, or
Prefer to read this online? Click here.
digging through inboxes just to write reports. Compare that to sales, HR, or finance, where teams work in centralized systems like Salesforce or Workday. Legal, in many cases, simply doesn’t have that kind of platform. The result is death by a thousand cuts, small inefficiencies that add up to enormous friction.
Where does that friction show up most clearly in dayto-day legal work?
David Lancelot: One of the biggest pain points is triage, figuring out who should handle what. In most legal teams, the most senior lawyers are still manually routing matters: “This one’s for Dave in M&A, that one’s for Mary in entity formation.” No other business function operates that way anymore. It’s inefficient, and frankly, it’s medieval. A good matter management system should do that automatically, freeing leaders to focus on higher-value work.
Another big area is law firm billing. Too often, review and approval become rubber-stamp exercises because nobody has the time to dig into the details. Both of these areas are ripe for automation, and when you implement the right workflows, you can take a massive load off the leadership team’s plate.
Beyond efficiency, what’s the broader impact of reducing this friction on legal’s role in the business?
David Lancelot: When lawyers are buried in lowvalue work, leadership assumes, “they’re so busy, they must be covering everything.” But the truth is, they’re too busy to cover everything. That creates a cycle of false risk mitigation. As a result, legal lowers its risk tolerance because it doesn’t have the bandwidth to do things properly. The business responds by saying, “Don’t send it to legal, they’ll slow us down,” which actually increases risk.
That’s how legal ends up excluded from strategic conversations, the “not in the room where it happens” problem. By the time legal gets involved, it’s too late. To break that cycle, legal teams need to adopt the same operational rigor that sales, HR, and finance already have. Free up capacity with automation, data, and workflows, and suddenly, legal has the headspace to focus on strategy, collaboration, and long-term value creation.
Read part 2 and part 3 online.
THE ANTITRUST LITIGATOR WITH JEFFERY CROSS
Can Employees Still Challenge Noncompetes After the FTC Drops its Appeals?
By JEFFERY M. CROSS
Noncompetes are back in the news. In September, the Federal Trade Commission (FTC) dropped its appeals of two federal court decisions that had blocked enforcement of its nationwide ban on noncompete clauses. That move leaves the agency’s sweeping rule out of the picture for now and raises an important question: what private rights of action, if any, remain for workers seeking to challenge noncompetes?
The FTC first issued the ban in April 2024, defining a “noncompete
clause” as any employment term that prohibits, penalizes, or functions to prevent a worker from taking another job in the US or from starting their own business after leaving their current position. At the time, the FTC has estimated that more than 2.9 million firms relied on such clauses. The rule was intended to wipe out new noncompetes across all industries and all workers.
With the FTC’s appeals abandoned, the focus now shifts to whether employees themselves can bring challenges under the antitrust
laws—particularly Section 1 of the Sherman Act. If successful, such claims could entitle workers to triple damages and attorney’s fees, and in some cases be pursued as nationwide class actions.
CLIENTS AND THE NONCOMPETES
There is no question that certain noncompete clauses could be successfully challenged under Section 1. Take for example a noncompete clause that expressly prohibited an employee from providing services to
a group of unidentified clients for a period of time after the employee’s employment ended. In addition, assume that there are no trade secrets involved and the employee has not solicited his or her clients.
Antitrust principles allow this restrictive covenant to be challenged under Section 1, which requires two elements: (1) an agreement and (2) an unreasonable restraint of trade. A private party can sue only through Section 4 of the Clayton Act, which requires showing injury “by reason of anything forbidden by the antitrust laws.” Courts interpret this to mean there must be an effect on competition. This analysis typically follows the Rule of Reason’s burden-shifting framework, where the plaintiff must first make a prima facie showing of anticompetitive effect.
No one disputes that an agreement exists. Some agreements between a company and its employees, however, do not involve the two independent economic actors required under Section 1. The classic example is a CEO and another employee agreeing on the price of one of the company’s products—the CEO could set the price unilaterally. By contrast, in our hypothetical noncompete clause, two independent economic actors are present when the agreement is formed. Both sides must consent for the clause to take effect, and the employee retains the option to walk away.
THE ISSUE OF DECISION MAKERS
The Supreme Court has suggested a straightforward test: if the challenged conduct requires agreement between the participants to be effectuated, then they are independent actors. In the CEO pricing
example, an agreement is unnecessary because the CEO alone controls the outcome. In the case of a noncompete, both employer and employee must agree, confirming the presence of two independent decision-makers.
PROCOMPETITIVE JUSTIFICATIONS
Turning to the second element of an antitrust violation, the Rule of Reason applies. Courts traditionally recognize plausible procompetitive justifications for noncompetes, such as protecting trade secrets. The
With the FTC’s appeals abandoned, the focus now shifts to whether employees themselves can bring challenges under the antitrust laws—particularly Section 1 of the Sherman Act.
Rule of Reason requires weighing anticompetitive harms against procompetitive benefits. But when no plausible benefits exist, the restraint qualifies as a naked restraint and falls under the per se rule. Under that rule, courts presume anticompetitive effect, and defendants cannot raise justifications.
In our hypothetical noncompete, no procompetitive justification exists. There are no trade secrets at risk and no valid reason to prevent customers from choosing to do business with the employee. The clause
Prefer to read this online? Click here.
instead produces clear anticompetitive effects: it restricts customers who are not parties to the agreement, forcing them to either remain with a company they believe provides poor service or turn to unfamiliar third parties. With fewer choices, customers face higher prices for the company’s services.
Many noncompetes may be defensible under the Rule of Reason. But when a clause lacks plausible procompetitive justifications, companies cannot take comfort in the FTC’s abandoned ban. Such clauses remain subject to attack under Section 1 of the Sherman Act.
Jeffery M. Cross is a columnist for Today’s General Counsel and a member of the Editorial Advisory Board. He is Counsel in the Litigation Practice of Smith, Gambrell & Russell, LLP. Cross was a Partner at Freeborn & Peters, which merged with SGR in 2023. He can be reached at jcross@sgrlaw.com.
IN PARTNERSHIP WITH ACEDS
The Human Side of eDiscovery: Building Teams That Blend Legal and Technical Skills
By MARIBEL RIVERA
Modern discovery is no longer defined solely by the rules of procedure or the latest review platform. People define it. Behind every successful discovery effort is a team that bridges the divide between law, technology, and information management. The human side of eDiscovery matters as much as the tools or workflows, and yet it often receives less attention.
Building multidisciplinary teams that combine legal and technical skills is now essential. Data volumes are exploding, new sources of information are multiplying, and courts expect parties to respond quickly and defensibly. Meeting these challenges requires more than a handful of specialists. It requires collaboration across functions, shared training, and an investment in professional development that equips entire teams to work as one.
WHY MULTIDISCIPLINARY TEAMS MATTER
Litigation and investigations touch every part of an organization’s information ecosystem. Some attorneys have developed strong eDiscovery and legal technology skills, but many focus primarily on privilege, relevance, and litigation strategy. In
practice, they often rely on colleagues in eDiscovery or eData teams, as well as IT and records professionals, to handle preservation, data collection, and technical workflows.
When these groups work in isolation, gaps form that can delay production or create risk. A legal team may not be aware of how retention settings in collaboration platforms affect whether chat messages are preserved or deleted. An eDiscovery team may execute a thorough collection but face challenges if privilege review is not clearly defined at the outset. Records managers may follow retention policies without realizing that litigation holds should pause scheduled deletion.
Cross-functional teams close those gaps. They bring legal strategy, technical expertise, and records management insight into the same
conversation. This is not only about preventing mistakes but also about strengthening the ability to respond quickly, reduce costs, and improve defensibility.
SKILLS THAT SHAPE EFFECTIVE TEAMS
Strong discovery teams are built on more than subject matter knowledge. They succeed because professionals from different backgrounds can work together effectively. Some of the most important skills include:
• Communication: Legal, eDiscovery, IT, and records professionals must be able to explain their needs and constraints clearly to colleagues outside their field.
• Shared Vocabulary: Common training ensures that when someone refers to “preservation,” “metadata,” “processing,” or even technical concepts like load files or hash values, all parties interpret them consistently.
• Practical Problem-Solving: Litigation rarely follows a straight line. Teams need to adapt quickly while still maintaining defensibility.
• Commitment to Learning: Technology and regulations evolve rapidly. Ongoing professional
development helps teams remain current and confident.
These skills are as much about people as they are about process. They require training and reinforcement in environments that value collaboration.
TRAINING AND PROFESSIONAL DEVELOPMENT AS CONNECTIVE TISSUE
One of the most effective ways to strengthen cross-functional teams is through shared training. When attorneys, eDiscovery specialists, IT staff, and records managers learn together, they not only gain knowledge but also build trust and develop a shared vocabulary.
Broad certifications such as the Certified E-Discovery Specialist (CEDS) credential provide a foundation across law, technology, and project management. Specialized training in information governance adds depth in areas like data retention and defensible deletion. Targeted micro courses on emerging issues such as cybersecurity, breach response, or generative AI help professionals stay ahead of trends that increasingly affect discovery.
The value of these programs lies in their ability to unify teams. A legal hold notice drafted by an attorney is far more effective when eDiscovery and IT staff understand precisely how to implement it. A retention policy makes sense across the organization when legal and records professionals have trained on the same principles. Micro courses help security teams appreciate why breach response has implications for downstream litigation.
Training in this context becomes the connective tissue that links professionals across disciplines.
CREATING A CULTURE OF COLLABORATION
Training lays the foundation, but culture sustains it. For multidisciplinary teams to thrive, organizations must foster collaboration and respect across roles.
Some firms and corporations establish cross-functional working groups to oversee discovery readiness. Others integrate eDiscovery training into broader compliance or risk initiatives. The most successful efforts are those where professional development is seen as an investment in organizational strength rather than an optional extra for individuals.
Leaders play a crucial role. Managing partners and general counsel can set the tone by making cross-functional readiness a priority, encouraging participation in training, and recognizing the value of professionals who blend legal and technical skills. When leadership demonstrates commitment, collaboration becomes part of the culture rather than a reactive measure.
LOOKING AHEAD
The need for multidisciplinary discovery teams is on the rise, and it’s an exciting time. Innovative technologies like cloud data, collaboration platforms, and artificial intelligence are revolutionizing litigation and investigations. With the increasing frequency of cybersecurity incidents, the importance of discovery is more crucial than ever. At the same time, navigating privacy regulations presents opportunities to balance data retention for litigation with compliance. It’s a thrilling challenge.
These challenges demand teams that are not only technically skilled but also aligned in their undestanding of risk, compliance, and strategy. Holistic training equips them to meet those
Read this story on
demands. More importantly, it highlights the human side of discovery. Technology may power the tools, but it is people (attorneys, eDiscovery professionals, IT staff, records managers, and security specialists) who ensure discovery is defensible, efficient, and strategic.
For firms and legal departments, investing in people is not optional. It is the surest path to building teams that can deliver under pressure, meet client expectations, and protect reputations.
Holistic training and professional development are not theoretical. They are practical strategies for creating multidisciplinary teams that blend legal and technical expertise. Just as important, they prepare organizations for the future—where cloud platforms, artificial intelligence, and evolving privacy regulations will continue to reshape discovery. By actively sharpening their skills today, firms and legal departments equip themselves to tackle future challenges with assurance. This proactive mindset transforms discovery from a mere burden into a powerful, unified asset, fostering lasting resilience and paving the way for great success ahead.
Rivera is the Vice President of Strategy and Client Engagement at ACEDS, the Association of Certified E-Discovery Specialists. She manages local chapters, membership, events, and strategic partner engagement. Rivera helps brands and businesses connect with their audiences and achieve their goals.
Maribel
The Hidden M&A Risk: Unstructured Data Integration
THURSDAY, NOVEMBER 6 | 1:00PM ET
In this webinar, Susan Wise, Chief Privacy Officer, Biogen and Betsy Ford, Senior Consultant, Contoural will discuss how to avoid the most common mistakes and build a smarter, defensible data integration strategy.
IN PARTNERSHIP WITH
Building a Smarter GRC Program: Five Essentials to Elevate Organization Readiness
TUESDAY, NOVEMBER 11 | 1:00PM ET
In this expert-led webinar, you’ll learn the five key areas every organization should assess to elevate GRC maturity.
IN PARTNERSHIP WITH
Laying the Foundation for Smarter Legal Spend Management: People, Process, & Technology
TUESDAY, DECEMBER 9 | 1:00PM ET
This webinar will explore the foundational elements of comprehensive spend management— people, process, and technology—empowering you to optimize your legal spend while driving data-driven decisions.
