More in-house lawyers dedicated to cyber security than before
New research shows a greater number of organisations with a dedicated legal counsel for cyber security matters compared to two years ago.
The Association of Corporate Counsel (ACC) has released its “2020 State of Cybersecurity Report: An In-House Perspective”, which – by way of surveying 586 companies across 20 industries and 36 countries – purports to shed light on the growing role that legal departments have with regards to organisational cyber security policies and procedures.
To continue reading the rest of this article, please log in.
Create free account to get unlimited news articles and more!
Among the findings was that there are more in-house counsel dedicated to cyber security than in years gone by. The report found that 18 per cent of organisations currently have a lawyer for cyber security issues and practices, up from 12 per cent in ACC’s 2018 report.
“In a majority of cases, this lawyer is responsible for cyber across the enterprise and is in an [executive-level] position in 56 per cent of organisations,” ACC wrote.
These dedicated counsel are, more often than not, situated at the executive level (56 per cent), while 38 per cent are staff lawyers and the remaining 7 per cent have “alternative” arrangements, such as a mixture of executive and staff-level legal counsel in a large legal department, or a single counsel situated at an intermediate level, reporting to an executive-level counsel.”
For those whose legal departments have dedicated cyber security counsel, a majority – 60 per cent – said that their cyber security lawyers are responsible for coordinating a cyberlaw strategy throughout the company.
Meanwhile, 40 per cent responded that their dedicated lawyers focus on specific aspects related to cyber security, such as products counsel or incident response, but without responsibilities for an organisation-wide approach to the matter.
Elsewhere, the report found that the legal department has a co-equal voice in setting the strategy to mitigate cyber risk in three out of five organisations (60.6 per cent), whilst just over one-third (36.3 per cent) said the legal department does not have this proportionate voice.