Cybersecurity Role, Spend on the Rise for Corporate Legal, ACC Foundation Cybersecurity Report Finds
Healthcare and social assistance, manufacturing, and finance/banking industries lead with highest percentages of companies reporting data breaches
Posted: May 1, 2018
WASHINGTON (May 1, 2018) — More than 40 percent of in-house lawyers stated their companies plan to change data security standards, breach notification procedures, and incident response plans as a result of the upcoming European Union General Data Protection Regulation (GDPR), and 63 percent in the United States strongly favor the implementation of a federal law that sets uniform data security and breach notification expectations, according to the Association of Corporate Counsel (ACC) Foundation: The State of Cybersecurity Report. Released by the ACC Foundation, which supports the mission of ACC, and underwritten by Ballard Spahr LLP, the report incorporated data and insights from more than 617 in-house lawyers at over 412 companies in 33 countries.
In-house lawyers anticipate their role in cybersecurity prevention and response, as well as cybersecurity budgets, to increase over the next 12 months. In fact, 63 percent of respondents noted growth in company funds dedicated to cyber incidents, compared to 53 percent in 2015. Chief legal officers (CLO) and general counsel (GC) at large companies are also more likely to serve as members of a data breach response team, compared with those at smaller companies.
"With the rising number of high-profile data breaches and increased focus on technology, it's no shock to see protection of corporate data become the fastest rising area of concern for legal and business executives," said Veta T. Richardson, ACC president and CEO. "Data can be a company's most valuable and most vulnerable resource. Legal departments play an essential role in formulating policies and procedures to mitigate cyber risk."
The report further underscored the importance of company-wide preparation and awareness to thwart the possibility of a breach. Among organizations with total gross revenue of $3 billion or more, 62 percent track mandatory training and attendance for all employees, 58 percent test employees' knowledge following required training, and 45 percent hold a simulated response drills. Additionally, 57 percent reported their company is covered by cybersecurity insurance — up 10 percentage points from 2015.
"The ACC Foundation's State of Cybersecurity Report provides unique and important benchmarking for in-house attorneys on a range of cybersecurity issues, including cyber insurance, vendor management, GDPR compliance and data breach preparedness," said Philip N. Yannella, partner, co-chair, privacy and data security at Ballard Spahr LLP. "For in-house attorneys in leadership roles with regard to cybersecurity, this report is a great resource."
Other significant findings from the ACC Foundation: The State of Cybersecurity Report include:
For more information on the ACC Foundation: The State of Cybersecurity Report or to purchase a copy of the publication, visit www.acc.com/cyber.
About the ACC Foundation: The ACC Foundation – a 501(c)(3) non-profit organization – supports the efforts of the Association of Corporate Counsel, serving the needs of hte in-house bar through research, leadership, professional development opportunities, and support of diversity and pro bono initiatives. The ACC Foundation partners with corporations, law firms, legal service providers, and bar associations to advance its goals. For more information, visit www.acc.com/foundation.