ACC Foundation Releases Largest Study of its Kind on Cybersecurity Among In-House Counsel Study Underwritten by Ballard Spahr

Daniel McKenna, Tom Sager, Mark Stewart, Philip Yannella
Ballard Spahr LLP
Contact
LinkedIn
Facebook
X
Send
Embed

The Association of Corporate Counsel Foundation (ACC) released a State of Cybersecurity report underwritten by Ballard Spahr on December 9, 2015. The report provides valuable insights on cybersecurity issues from more than 1,000 corporate lawyers at 887 organizations worldwide—most of whom hold the position of General Counsel (GC) or Chief Legal Officer (CLO).

The report can be used by in-house lawyers to assess whether their companies are devoting appropriate time and resources to cybersecurity. If a company’s cybersecurity practices do not align with companies of a similar size in the same industry, it could be deemed unreasonable by the Federal Trade Commission and other federal regulators.

The State of Cybersecurity Report shows that:

  • Half of in-house attorneys want to increase their role and responsibility in cybersecurity, and 57 percent expect that the legal department’s role in cybersecurity matters will increase in the coming year;
  • Twenty-four percent of reported data breaches were caused by employee error, and although this was the highest single cause for reported data breaches, fewer than half of companies have implemented mandatory cybersecurity training for employees;
  • For those companies that have experienced a data breach, only 19 percent had cybersecurity insurance policies that fully covered the related damages;
  • Only 7 percent of in-house attorneys have the highest degree of confidence that their third-party affiliates are adequately protecting them from cybersecurity risks;
  • Few companies are proactively establishing third-party relationships that could assist in the event of a data breach, as only 33 percent have retained outside counsel and only 24 percent have retained an outside forensics firm to provide support following a data breach or other cybersecurity incident;
  • Only 57 percent of companies have policies and procedures in place to govern identity and access management;
  • Only 18 percent of companies have prepared an internal data map;
  • One-third of in-house counsel have experienced a data breach;
  • Fifty-seven percent of these companies reported that the information that was compromised during the breach was not encrypted;
  • Breaches are more than twice as likely to occur at large companies; and
  • Worldwide, in-house counsel say that reputational damage is their greatest concern relating to a potential breach, followed by loss of proprietary information, and economic damage.

ACC President and CEO Veta Richardson noted that, “Even companies with established cybersecurity preparedness programs continue to increase their spending in order to minimize ever-present risk.” Richardson further remarked that, “Unfortunately, no sector or region is immune. Our findings indicate that general counsel expect cybersecurity risk to only increase in the upcoming year.”

For more information on the ACC Foundation State of Cybersecurity 2015 Report, including details on how to purchase a copy or order a customized benchmarking report, click here.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Ballard Spahr LLP | Attorney Advertising

Written by:

Ballard Spahr LLP
Ballard Spahr LLP
Contact
more
less

Ballard Spahr LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide