Login to MyACC
ACC Members

Not a Member?

The Association of Corporate Counsel (ACC) is the world's largest organization serving the professional and business interests of attorneys who practice in the legal departments of corporations, associations, nonprofits and other private-sector organizations around the globe.

Join ACC

Forty percent of organizations surveyed report at least one data breach over the past year

WASHINGTON (July 28, 2020) – The Association of Corporate Counsel (ACC) Foundation’s 2020 State of Cybersecurity Report, released today, shows that 71 percent of companies give the chief legal officer (CLO) a key role in leading the organization’s cybersecurity strategy. The most comprehensive look at cybersecurity activities from the in-house perspective, the report surveyed 586 law departments across 36 countries and 20 industries.

“As modern CLOs’ roles and responsibilities continue to expand, cybersecurity strategy and oversight is unquestionably one area where we see the largest growth,” said Susanna McDonald, VP and CLO of ACC.

“Between the ever-increasing frequency of attacks and substantial risk to the organization’s operations and brand, this comes as no surprise. CLOs bring a unique combination of legal training, strategic thinking, and risk analysis to the table to best help prevent and, if need be, react to cybersecurity situations. Today’s report is the latest evidence that businesses increasingly recognize the CLO’s strengths in this area and are adjusting accordingly.”

The 88-page report covers a broad range of cybersecurity activities: legal department’s role, policies and practices, risk management, breach and incident experience, and working with the government and law enforcement. Some of the report’s highlights include:

•    Forty percent of companies report experiencing a data breach, while 21 percent of all organizations surveyed task their CLO to deal with breaches;
•    Wide implementation rates of cybersecurity strategies — from password and document retention to employee training — and greater participation of legal in these efforts;
•    The presence of at least one in-house lawyer dedicated exclusively to cybersecurity in 18 percent of companies (up from 12 percent in 2018);
•    Thirty-six percent of departments upping their budget for cybersecurity;  
•    Broad satisfaction (78 percent) with the safety of third-party vendors who handle company data, a 16-point gain on 2018’s figure;
•    Of companies required to comply with GDPR, over half (58 percent) were required to hire a data privacy officer (DPO). Thirty-one percent of companies that were not required to do so hired a DPO anyway.

The report is available at on the ACC website.

About the ACC Foundation: The ACC Foundation – a 501(c)(3) non-profit organization – supports the efforts of the Association of Corporate Counsel, serving the needs of the in-house bar through research, leadership and professional development opportunities, and support of diversity and pro-bono initiatives. The ACC Foundation partners with corporations, law firms, legal service providers, and bar associations to assist in the furtherance of these goals. For more information, visit

About ACC: The Association of Corporate Counsel (ACC) is a global legal association that promotes the common professional and business interests of in-house counsel who work for corporations, associations and other organizations through information, education, networking, and advocacy. With more than 45,000 members in 85 countries employed by over 10,000 organizations, ACC connects its members to the people and resources necessary for both personal and professional growth. By in-house counsel, for in-house counsel.® For more information, visit and follow ACC on LinkedIn, Twitter, and Facebook.