New cybersecurity report reveals that In-house lawyers anticipate bigger roles and budgets as breaches increase.
A new cybersecurity report, incorporating data from 617 in-house lawyers at 412 companies in 33 countries, reveals that In-house lawyers anticipate their role in cybersecurity prevention and response, as well as cybersecurity budgets, to increase over the next 12 months. Healthcare and social assistance, manufacturing, and finance/banking industries lead with highest percentages of companies reporting data breaches. The findings come from the Association of Corporate Counsel (ACC) Foundation’s The State of Cybersecurity Report.
Increased budgets have been dedicated to cyber incidents according to 63 percent of respondents, compared to 53 percent in 2015. Also, 32 percent of respondents have seen their company affected by a data breach, with malware, phishing, employee error and vendor incidents the top reasons for a data breach. Chief legal officers (CLO) and general counsel (GC) at large companies are also more likely to serve as members of a data breach response team, compared with those at smaller companies. Over 40 percent of in-house lawyers stated their companies plan to change data security standards, breach notification procedures, and incident response due to the European Union’s General Data Protection Regulation (GDPR). Veta T. Richardson, ACC president and CEO, said “Data can be a company’s most valuable and most vulnerable resource. Legal departments play an essential role in formulating policies and procedures to mitigate cyber risk.”
Among organizations with total gross revenue of $3 billion or more, 62 percent track mandatory training and attendance for all employees, 58 percent test employees’ knowledge following required training, and 45 percent hold a simulated response drills. Additionally, 57 percent reported their company is covered by cybersecurity insurance — up 10 percentage points from 2015. In the US, 63 percent strongly favour the implementation of a federal law that sets uniform data security and breach notification expectations.