84% of CLOs help determine cyber strategy
New research from the Association of Corporate Counsel Foundation shows that the overwhelming majority of in-house leaders have a key role in shaping the cyber security strategies of their organisations.
The ACC Foundation, together with Ernst & Young, recently published its 2022 State of Cybersecurity Report: An In-house Perspective, showing that nearly all chief legal officers are fundamentally important to the direction of cyber strategies for businesses and organisations.
The report shows that 84 per cent of companies now give the CLO a key role in the organisation’s cyber security strategy, with one in five (20 per cent) cyber security professionals reporting directly or indirectly to the CLO, four in five (39 per cent) CLOs being part of a team with cyber security responsibilities, and 24 per cent of CLOs being part of cyber security incident response teams.
ACC vice-president and CLO Susanna McDonald said: “As modern CLOs’ roles and responsibilities continue to expand, cyber security strategy and oversight is unquestionably one area where we’ve seen the largest growth.
“Between the ever-increasing frequency of attacks and substantial financial and reputational risk to the organisation’s operations and brand, this comes as no surprise. CLOs bring a unique combination of legal training, strategic thinking, and risk analysis to the table to best help prevent and, if need be, react to cyber security situations.”
EY Americas cyber security leader Dave Burg added: “New and proposed regulations are requiring involvement of the CLO at the senior management table, giving greater visibility into security programs to close cyber defence gaps, particularly as it relates to current state maturity assessments, liability, insurance, and other legal and regulatory concerns.
“The surprise here, given the pervasive nature of cyber security risks and the ever-changing legislative and regulatory landscape, is that any organisation would exclude their CLO from helping to develop, shape and execute an organisation’s cyber security risk management strategy.”