How many businesses are collaborating with law enforcement?
New research shows the volume of organisations that are proactively working with law enforcement and other government agencies to address cyber security risks.
The Association of Corporate Counsel (ACC) has released its “2020 State of Cybersecurity Report: An In-House Perspective”, which – by way of surveying 586 companies across 20 industries and 36 countries – purports to shed light on the growing role that legal departments have with regards to organisational cyber security policies and procedures.
According to the report, almost half (47 per cent) of businesses say that they proactively collaborate with law enforcement and government agencies to address risks surrounding cyber security. This is up from 35 per cent in 2018 and 27 per cent in 2015.
The likelihood of proactive collaboration with law enforcement is dependent on its annual revenue. A total of 55.6 per cent of businesses with $3 billion or more in revenue per year say they engage with law enforcement, compared to just 42 per cent of companies with revenue of less than $100 million.
This trend is perhaps explained by the reasons offered by companies who do not undertake such proactive collaboration. When asked why collaboration was not occurring to address cyber security risks, three-quarters of those who say they do not, indicated it was because the organisation does not have the resources or knowledge base to engage with said law enforcement or government agencies.
Elsewhere, the report found that 16 per cent of organisations participate in an information sharing and analysis centre to share cyber threat information with other organsations and the government. In 71 per cent of cases, the legal department plays a role in that information sharing process, ACC said.
Moreover, among the organisations that are required to comply with GDPR, 58 per cent were required to appoint a data privacy officer (DPO), and among those not required to do so 31 per cent appointed a DPO anyway. In over half of those organisations, the DPO is a full-time employee reporting to legal.
In the same report, ACC found that 18 per cent of organisations currently have a lawyer for cyber security issues and practices, up from 12 per cent in its 2018 report.