Principle · Chief Legal Officer

Defense in Depth.

Source: military strategy, originating with classical fortification and codified by the Roman and medieval engineers; modernized in 20th-century military doctrine and adopted as foundational practice in cybersecurity (NSA, NIST), nuclear safety, and risk engineering. Standard reference: NIST SP 800-160.

The Principle

Do not rely on any single barrier to stop a threat. Instead, layer multiple, overlapping safeguards so that if one fails, the next one catches the failure. The whole system is designed to assume that any individual control will eventually fail. The question is not whether the wall holds, but whether the second wall behind it holds when the first one falls.

Defense in Depth has three properties that distinguish it from "more security." First, the layers must be diverse. Five copies of the same control are still one control. Five different kinds of control are five chances to catch a failure. Second, the layers must be independent. If a single failure (a misconfiguration, a compromised credential, a blackout) disables all of them at once, they are not really layered. Third, the layers must be sized to the worst case. Layering trivial controls against catastrophic threats is theater.

The principle originates in fortification (outer wall, inner wall, keep) and modernized in cybersecurity (perimeter, network, host, application, data) and nuclear safety (multiple independent containment systems). In legal protection of a business, it works the same way: multiple, overlapping, independent controls so that no single failure exposes the whole company.

Why It Matters Here

Most companies that suffer catastrophic legal events did not lack a single protection. They lacked the redundancy. The contract was good but the insurance lapsed. The insurance was good but the entity structure mingled assets. The entity structure was good but a personal guarantee bypassed it. Single-layer defenses fail. The CLO's job is to make sure the company always has a second wall behind every first one, sized to the actual worst case, independent of the failure mode that took out the first.

Signals (When to Apply)

How to Apply

Examples

Applied well A company protecting its IP layers the defenses: (1) every employee signs an IP-assignment as a condition of employment, (2) every contractor signs a separate work-for-hire agreement before any work is performed, (3) confidential systems require named-user authentication with no shared accounts, (4) trademarks for the brand and methodology are filed and maintained, (5) the company carries IP-litigation coverage in its general liability policy. When a contractor leaves and tries to repackage methodology as their own, the company has four independent claims and the matter is resolved in three weeks. No single layer would have been enough. The combination ended the dispute fast.
Misapplied A different company believes its LLC structure protects the founder personally and treats it as the single defense. The LLC is properly formed. But the founder personally guarantees the office lease, signs a vendor agreement in their personal name, commingles personal and corporate funds, and lets the annual filings lapse. A vendor dispute escalates. Plaintiff's counsel pierces the LLC veil on the commingling alone. The "single bulletproof defense" was never tested, and when it was, it dissolved. The lesson: one well-formed structure with no supporting layers is not Defense in Depth. It is a single point of failure with a legal-sounding name.

When to Break It

Further Reading