The Association of Corporate Counsel (ACC) Foundation surveyed more than 1,000 in-house counsel to get their take on cybersecurity and its effects on the profession.
Cybersecurity and its potential risks and effects are reaching into almost every corner of organizations, including in-house counsel.
A new report from the Association of Corporate Counsel (ACC) Foundation surveyed more than 1,000 in-house counsel to get their take on cybersecurity and found that one-third reported that their companies had experienced a data breach and more than half reported their companies are spending more on data security.
“The State of Cybersecurity Report” also found areas where in-house counsel could be doing more to help prevent cyber breaches. For example, less than half of survey respondents reported that they had mandatory training on data security, which is significant given that the most common cause of data breaches are, reportedly, employee error.
“Employees are not trained, and that’s certainly a role for in-house counsel,” said James Merklinger, ACC vice president and chief legal officer. General counsel or chief legal officers can advocate for adequate training for all employees in order to further awareness about the types of information that are most likely to be stolen and how to avoid breaches.
Additionally, in-house counsel should ensure their companies have adequate insurance coverage should they face a cyber breach, and Merklinger advised mandating notifications from third-party vendors should they experience an attack.
“Less than two-thirds [of respondents] said they require third parties to notify them of a breach,” Merklinger said. Yet, in-house counsel, “may have a legal requirement to notify their members of a breach, but if they don’t know something occurred, then they’re certainly are not going to be able to notify them.”
While the survey provided insight into corporate counsel and its role in cybersecurity management, the survey was conducted as more of a public service than one relegated to a specific industry.
“You don’t have to be a lawyer to appreciate this,” Merklinger said. “It happened to reach out to lawyers because we wanted to get their take.” But the importance of data security affects all industries and professions, including associations.
“In an association the most valuable thing you have are your members,” Merklinger said. “So that personal information about them that people might want to steal is top of mind and a serious risk to associations.”