Concerningly, it was reported that in roughly one in five instances, legal teams are not consulted when an incident occurs.

Ashurst surveyed 60 large Australia-based organisations and found “widespread concerns” within legal teams about their company’s risk management capabilities and procedures, particularly in the areas of cyber, regulatory change, data risk management, regulatory intensity, third-party risks, environmental, social, and governance (ESG) litigation, and workplace risks.

Over half reported barriers to managing risk, including delays in monitoring emerging risks, skills shortages, insufficient time to review details and a lack of ability to influence other functions.

In addition to struggling with the pressure of bearing responsibility for matters largely outside their control, more than half of in-house lawyers said they are expected to delegate across other functions.

“The view that these teams are responsible for all risk is dangerous when we consider that quite often, function-specific risk is outside their immediate areas of expertise or remit,” the report set out.

Partner and head of Risk Advisory Australia, Philip Hardy, said at the same time, general counsel are facing “significant organisational barriers” and are struggling to influence company-wide risk management to appropriately mitigate and respond to the risks.

“While collaboration with operational teams to ensure risk management during a turbulent economic and political period should be at an all-time high, the reality is this is lower than it needs to be.

VIEW ALL

“Managing all risk categories in-house is no longer feasible, and embracing external support offers a practical solution to the escalating demands of risk governance,” Mr Hardy said.

“That said, good planning is needed to understand where to invest in long-term capability in-house that is deep on expertise.”

In addition to being kept in the dark about the emerging risks within their company, in-house lawyers have reported their company has failed to keep up with evolving risks.

For example, despite the increasing attention on cyber security, two out of five companies have no related in-house skills.

More than 60 per cent said they were concerned about their company’s ability to keep up with “evolving and sophisticated methods of financial crime”, and 45 per cent said financial crime was not prioritised as a significant risk within the company.

This is in addition to feeling like they have to work “flat out” to keep up with the evolving risks. Some reported they have fallen behind due to increasing workload and demands for specialist expertise.

“Our research shows that across the board, in-house legal teams are under pressure and concerned about rising instances of risk,” Mr Hardy said.