84% of CLOs now have a role in cybersecurity strategy

The Association of Corporate Counsel (ACC), in collaboration with Ernst & Young, LLP, is pleased to present the “2022 State of Cybersecurity Report, An In-house Perspective.” The report shows that 84 percent of companies now give the chief legal officer (CLO) a key role in the organization’s cybersecurity strategy:

  • 20 percent: cybersecurity reports directly or indirectly to the CLO.
  • 39 percent: CLO is part of a team with cybersecurity responsibilities.
  • 24 percent: CLO is member of cybersecurity incident response team.

“As modern CLOs’ roles and responsibilities continue to expand, cybersecurity strategy and oversight is unquestionably one area where we’ve seen the largest growth,” said Susanna McDonald, VP and CLO of ACC. “Between the ever-increasing frequency of attacks and substantial financial and reputational risk to the organization’s operations and brand, this comes as no surprise. CLOs bring a unique combination of legal training, strategic thinking, and risk analysis to the table to best help prevent and, if need be, react to cybersecurity situations. Today’s report is the latest evidence that businesses increasingly recognize the CLO’s strengths in this area and are adjusting their approach accordingly.”

“New and proposed regulations are requiring involvement of the CLO at the senior management table, giving greater visibility into security programs to close cyber defense gaps, particularly as it relates to current state maturity assessments, liability, insurance, and other legal and regulatory concerns,” said Dave Burg, EY Americas Cybersecurity Leader. “The surprise here, given the pervasive nature of cybersecurity risks and the everchanging legislative and regulatory landscape, is that any organization would exclude their CLO from helping to develop, shape and execute an organization’s cybersecurity risk management strategy.”

The report covers a broad range of cybersecurity activities: legal department’s role, policies and practices, risk management, and breach and incident response.

Report highlights include:

  • 22 percent of companies now have a dedicated cybersecurity lawyer.
  • 20 percent more companies now require annual cybersecurity training for all employees compared to 2020.
  • 31 percent of legal departments say they are regularly involved in their company’s Third-Party Risk Management (TPRM).
  • 38 percent of legal departments say they are spending more as a result of their approach to cyber, compared to a year ago.   
  • Damage to reputation, liability to data subjects, and business continuity are the top 3 areas of concern resulting from a data breach.

The report is available on the ACC Website here.

The data included in the report represents 265 companies across 17 industries and 24 countries, providing a comprehensive understanding of how legal departments of different sizes engage in cybersecurity matters.

84% of CLOs now have a role in cybersecurity strategy



is the international magazine, in English, that covers legal and inhouse affairs in the United States, through experiences beyond Italy’s borders to reach overseas destinations and all over the world.

For more information, visit the Group’s website www.lcpublishinggroup.com

LC Publishing Group S.p.A. – Via Tolstoi 10 – 20146 Milano – Tel. 0236727659 – C.F./P.IVA 07619210961
REA 1971432 Registro delle Imprese di Milano – Cap. Soc. Euro 50.000,00 i.v.

Copyright 2022 © All rights Reserved. Design by Origami Creative Studio


Share on linkedin
Share on twitter
Share on facebook
Share on whatsapp
Share on email
Share on telegram