According to the Association of Corporate Counsel (ACC) Foundation’s 2020 State of Cybersecurity Report, 71 percent of companies give the chief legal officer (CLO) a key role in leading the organization’s cybersecurity strategy.
The report surveyed 586 law departments across 36 countries and 20 industries on a broad range of cybersecurity activities: legal department’s role, policies and practices, risk management, breach and incident experience, and working with the government and law enforcement.
«As modern CLOs’ roles and responsibilities continue to expand, cybersecurity strategy and oversight is unquestionably one area where we see the largest growth – said Susanna McDonald, VP and CLO of ACC – . Between the ever-increasing frequency of attacks and substantial risk to the organization’s operations and brand, this comes as no surprise. CLOs bring a unique combination of legal training, strategic thinking, and risk analysis to the table to best help prevent and, if need be, react to cybersecurity situations. Today’s report is the latest evidence that businesses increasingly recognize the CLO’s strengths in this area and are adjusting accordingly».
The report also highlights that 40 percent of companies report experiencing a data breach, while 21 percent of all organizations surveyed task their CLO to deal with breaches.
In general, there are wide implementation rates of cybersecurity strategies — from password and document retention to employee training — and greater participation of legal in these efforts. The presence of at least one in-house lawyer dedicated exclusively to cybersecurity is confirmed in 18 percent of companies (up from 12 percent in 2018). Of companies required to comply with GDPR, over half (58 percent) were required to hire a data privacy officer (DPO). Thirty-one percent of companies that were not required to do so hired a DPO anyway.
Furthermore, 36 percent of departments upping their budget for cybersecurity.