The foundation released its ACC Foundation: The State of Cybersecurity Report last week, revealing that it is not just private practice firms that have to worry about data breaches.
“The report shows that 36 per cent of in-house counsel within Australia have experienced a data breach at either their current or former company,” ACC vice-president and managing director Tanya Khan (pictured) said.
“Unfortunately, no sector or region is immune. The findings indicate that general counsel expect cyber security risk to only increase in the upcoming year.”
The report found the top concerns regarding a data breach in Australia and New Zealand are loss of proprietary information, damage to reputation/brand, business continuity and shareholder activity.
The global report, underwritten by Ballard Spahr LLP, includes information from more than 1,000 in-house counsel at 887 organisations in 30 countries.
“With such high incident rates it is important for organisations to engage their legal department early, as doing so can ensure the team plays an active role in cyber security strategy, risk assessment and prevention,” Ms Khan said.
Within Australia and New Zealand, only 8 per cent of in-house counsel say their legal department spend has increased as a result of their company’s approach to cyber security. This compares with a global average of 23 per cent.
When it comes to cyber security insurance, only 25 per cent of in-house counsel in Australia and New Zealand say their organisation has it, with the global average sitting at 47 per cent.
However, 36 per cent of respondents in Australia and New Zealand said they are "very confident" that the law firms their company employs are appropriately managing the security of client data, while globally only 22 percent are "very confident".
Looking ahead, 50 per cent of in-house counsel globally said they want to increase their role and responsibility for cyber security, while 57 per cent expect that the legal department’s role in cyber matters will increase in the coming year.
The report also found that breaches were more than twice as likely at the largest companies and most often the result of internal factors.
Despite employee error being the most common reason for a breach, fewer than half of in-house counsel reported that mandatory training exists at their firms.