In the fields of cybersecurity, compliance, privacy, and eDiscovery, Greg Duke is a highly respected figure known for developing out-of-the-box solutions that deliver results for his clients. In this interview, Greg explains his decision to join UnitedLex as Senior Vice President Business Development for Cyber Incident Response—and how he’s leading the charge to disrupt the way incident response is performed.
Greg, can you tell us about your professional background?
Sure. I have about 30 years’ sales leadership experience, including 20 years in Compliance, Privacy, Cyber and eDiscovery. Before joining UnitedLex, I led strategic partnerships for cybersecurity products, including solutions focused on the identification of PII/PHI, as well as a breach review tool featuring advanced PII/PHI capabilities that were ahead of the market.
Why did you decide it was time for a change?
While evaluating the marketplace, I observed that most vendors approach breach reviews in a manner similar to traditional eDiscovery tech stack and workflows. I believe this approach overlooks a significant opportunity to leverage advanced technologies to identify PII and PHI earlier in data mining phase. Imagine if the data mining could search and identify PII, PHI and other sensitive subjects where the data lives, in the corporate enterprise.
By reducing the amount of data mined, this reduces the volume of data to extract, search and review. This enables organizations to significantly reduce the volume of data requiring mining, increasing the document response rate and ultimately lowering both the risk and cost for clients.
I view this strategy as a way to disrupt the status quo and gain significant competitive advantage.
So why did you choose to join UnitedLex?
I had been researching technologies to enable a more proactive approach to identifying PII/PHI. Infinnium’s AI-powered information governance and data protection platform seemed perfect for what I envisioned. While evaluating Infinnium, I was introduced to UnitedLex, which was in the process of forging a partnership combining Infinnium’s technology with UnitedLex’s expertise and workflows for cyber incident response, enabling a more predictive approach to identifying data.
I saw the UnitedLex/Infinnium partnership as an opportunity to change the paradigm for incident response. Six weeks later, I came on board.
How will UnitedLex’s approach change incident response?
When we look at the data mining phase of the project, we’re looking at how we ingest data, how we use AI, and how we bill for it. When you meet with insurance carriers, their number one pain point is the high cost of data mining. That’s because vendors want to bring in all the data, run it through an eDiscovery workflow, and charge per gigabyte. They have every incentive to keep doing things the way they do them now. They’re tied to that revenue stream.
However, by detecting PII/PHI earlier in the process, we reduce the cost of data mining. By leveraging AI at the beginning, we can reduce the data footprint before it comes in. That lowers the cost for the client and makes managing the data more predictable.
Will this put UnitedLex at an economic disadvantage?
Not at all. This approach isn’t just more efficient — it’s a true market differentiator. By shifting the paradigm and leveraging PII/PHI identification earlier in the process, we’re not only disrupting the status quo, we’re enabling smarter, faster, and more cost-effective breach response. That’s how we gain market share. For me personally, this is an exciting “crossing the chasm” moment. While competitors remain stuck in legacy eDiscovery workflows, we’re proving there’s a better way — and that’s exactly what disruption looks like.
Is there more to the UnitedLex strategy?
Yes. In addition to making the post-breach response more efficient, we also look at the pre-breach side with pre-emptive data governance, focusing on the risk lying within your data. Using AI, we can perform data risk analysis assessments to identify the risk of exposure statistically. When the client experiences a breach—which they will, sooner or later—the risk is going to be much lower because we’ve already taken down PII and PHI across their enterprise.
How would this pre-emptive assessment work?
Using the Infinnium platform, we can create a small assessment, say 4 terabytes, looking at data pointing to a target. We can run an audit to identify PII/PHI resting in place and have the results back quickly. From there we can conclude how vulnerable they are. And then we can do a broader enterprise-level evaluation. Ultimately, we’d like to be able to provide a risk score to quantify the level of risk.
Historically, it wasn’t economically feasible to identify sensitive data at rest. Organizations had to extract and process data externally just to understand what they had. With Infinnium, we can now index data in place — eliminating the need for full extraction. This capability enables continuous monitoring, allowing us to detect changes over time. After the initial pass, it transitions into a managed service model that’s not only scalable but cost-effective. It’s a smarter, more proactive approach to data risk management.
Does this have implications for insurance carriers?
A key aspect of the UnitedLex strategy is delivering added value to insurance carriers through proactive risk mitigation. We’re exploring solutions that carriers can offer policyholders at renewal — particularly those needing to identify and assess data risks, such as newly acquired corporate data. This approach helps policyholders reduce exposure while positioning the carrier as a forward-thinking partner in data risk management. It’s a unique solution that not only enhances policyholder value but also serves as a powerful differentiator for carriers in an increasingly competitive market. We are talking about an entirely new service offering in the industry and I believe we can make it very affordable. I think a CIO, CISO or CFO would find it a wise expenditure to proactively identify the level of risk hidden in their data.
To learn more about the partnership between UnitedLex and Infinnium, click here UnitedLex Partners with Infinnium to Elevate Cyber Incident Response Services or contact us directly.
