IRWIN MITCHELL
Spearheading transformation When Graham joined Irwin Mitchell in 2017 , the business was primarily reliant on on-premise legacy technologies and had , a few months prior , experienced some operational downtime as a result of a cyber attack that caused an IT outage .
Over the ensuing years , he and his team have been putting in place and implementing a significant technology transformation which has involved migrating to the cloud and replacing outdated systems .
In conjunction with this , Graham has spearheaded a comprehensive security strategy and transformation , not only through advanced technologies but by cultivating a robust security culture across the organisation .
Elsewhere , Irwin Mitchell has navigated the various challenges posed by COVID-19 , adapting to new ways of working .
Graham says : “ The legal sector had a lot of catching up to do : working from home , digitisation , moving away from what were legally-required paper-based , wet-signature processes .
“ The whole culture of the sector and the way it operates was thrown up in the air . We saw a lot of changes and our business had to adapt very quickly , but technology was the key enabler .”
Overall , and from a security perspective , Graham is pleased to report that the Irwin Mitchell of today looks vastly different to the organisation he joined seven years ago .
“We ’ re hugely transformed , far more resilient and we have a much stronger posture against cyber threats ”
GRAHAM THOMSON CISO , IRWIN MITCHELL
He adds : “ We ’ re hugely transformed , far more resilient and we have a much stronger posture against cyber threats .”
A phased cybersecurity strategy Initially , Graham ’ s focus at Irwin Mitchell was to implement the foundational cyber hygiene controls that mitigate 99 % of cyber risk , according to metrics provided by Microsoft .
Security culture was also an issue he was keen to address – not just at lower levels of the organisation , but at the very top .
He says : “ We ’ ve transformed the security culture from security being perceived as an IT issue to it being seen as a business risk – because that ’ s what it is .”
If that was phase one , phase two involved automating several security processes and integrating advanced , AI-driven solutions .
Now in phase three , Irwin Mitchell – thanks to Graham ’ s expertise – has
58 October 2024