Archive & Data Protection

    Get Ready to Play Offense On E-Discovery

    The cost and disruption of e-discovery—particularly email discovery—are spiraling up. Play offense on e-discovery to manage those fire drills instead of letting them manage you.

    by Garth Landers

    Key Points

    • IT departments are constantly forced to react to each new e-discovery request, leading to high costs and disruption that drains productivity.
    • With the growing ubiquity of e-discovery, the volume of requests is expected to continue to increase.
    • You can cut the cost and effort of e-discovery by taking a more proactive approach. Re-examining data retention policies and identifying patterns hidden in your organization’s case history are two worthwhile ways to begin.


    Why is it that the words “legal” and “defense” are so often paired together? In my role overseeing the marketing of Mimecast’s e-discovery software, I’ve become convinced that midsize and larger businesses’ defensive approach to email discovery—and e-discovery in general—is the most important reason why it’s so costly and disruptive for them.

    It’s time for IT teams and their legal partners to play offense on e-discovery. This lesson seems so important I made it the title of my Cyber Resilience Summit session: Time to Play Offense With Your e-Discovery Strategy. I’ll outline the case in this article and invite you to join our virtual discussion for the deeper dive. 

    E-discovery is Ubiquitous—and Highly Disruptive

    Many people may still think of e-discovery as a fairly rare occurrence, typically driven by a giant headline-making event like the Enron or Worldcom scandals of the early 2000s. But that’s not the reality today.

    As IT professionals are all-too-painfully aware, events requiring e-discovery have become commonplace in the past decade or so, and they’re usually far more mundane (not headline news fodder). Think: wrongful termination suits, ageism, sexual harassment (especially post-Weinstein), unsafe working conditions, employee theft, policy violations. And what’s more, they’re ubiquitous. People call the U.S. a litigious society, but it’s happening worldwide.

    Couple that ubiquity with the exponential growth of data due to digital transformation, and you can begin to see why e-discovery and legal holds are so disruptive. You know the e-discovery requests are going to come, but they’re unpredictable—you don’t know when, where, what or who. For many IT departments, e-discovery is like having a fire drill every day. You might get better at it, but you’re never really quite prepared because the fire alarm is always going off so you’re always reacting, playing catch-up—in other words, on defense. It’s a pain, and a serious drain on productivity.

    Reactive Approach Drives Up Total E-Discovery Cost

    Reactive e-discovery may have been okay back in the days when cases were fewer and there was far less data, especially email data, to sift through. Today, though, a new approach is needed to deal with a consistently larger case flow and previously unimaginable data volumes.

    Here are some of the data points that led to my “play offense” insight:

    • One estimate sized the e-discovery market at $11.23 billion last year, growing at nearly 13% per year to about $20.63 billion in 2024.[1]
    • Another research survey shows that only 4% of total e-discovery spend goes toward collecting information, while 36% goes for data processing and 58% for review.[2]

    In other words, companies are collecting everything that might possibly be relevant to each eDiscovery request, instead of taking a more precise and targeted approach. Then they pay bigtime for sweeping up all that data because they incur much higher costs for processing the information—and especially for the expensive, largely manual process of reviewing all those items. Multiply that inefficiency by the growing caseload requiring eDiscovery, and it’s clear why costs are spiraling up at such a terrifying rate.

    Proactive E-Discovery Can Limit Disruption and Lower Review Cost

    By now you should see where my argument is going: I propose companies should play offense on e-discovery by thinking harder and more strategically upfront about the way they collect information, primarily for email discovery (since it’s often at the crux of many cases) but of course for all data types.

    Each IT department’s e-discovery offense strategy will differ based on the nature of your enterprise and the industry or industries it serves. But here are a couple of suggestions to help spur your thinking:

    Re-examine your retention policies. Most serious organizations already have retention policies, so you know your rationales for retaining data. But re-examine them, asking yourself if they’re still appropriate given changing legal requirements and technology architectures (for example, we’ve had university customers ask us, in the wake of GDPR: “We have data going back 10 years, what if someone has a right to be forgotten? How do we do that?”). Then, identify whether your organization is actually enforcing those policies. If so, how? And are you consistent? Enforcing compliance and governance policies requires constant re-examination, audits, and spot checks to make sure you save only the data you need, for only as long as you need it, and that you remove it when appropriate.

    Uncover your e-discovery hot spots. Start to track, analyze, and proactively act on your legal history. Email e-discovery systems like ours provide enough data about your environment that you can see patterns emerge, so you can identify where legal holds are coming from and what’s triggering them. Are they in finance? Human resources? In the field, with sales? This could start you thinking differently about retention policy management, and perhaps suggest better ways to implement roles-based retention.

    The Bottom Line

    Rather than allow your e-discovery game to continue in a high-pressure, disruptive dynamic, get your offensive playbook in order, your eDiscovery technology tuned up and your team prepared. You’ll be ready to act quickly when called upon by internal and external legal teams that need quick action to collect, review, and secure relevant data. There’s way more to playing offense on e-discovery than I’ve outlined in this post, but I hope this thinking and the suggestions I’ve shared help to put you on the right track. And join my Cyber Resilience Summit virtual session for more of this thinking—and, of course, to learn how we can help.


    [1] “An eDiscovery Market Size Mashup: 2019-2024 Worldwide Software and Services Overview,” Complex Discovery

    [2] “eDiscovery Opportunity Costs: What Is the Most Efficient Approach?,” Logikcull


    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Back to Top