The Association of Corporate Counsel Foundation (ACC) released a State of Cybersecurity report underwritten by Ballard Spahr on December 9, 2015. The report provides valuable insights on cybersecurity issues from more than 1,000 corporate lawyers at 887 organizations worldwide—most of whom hold the position of General Counsel (GC) or Chief Legal Officer (CLO).

The report can be used by in-house lawyers to assess whether their companies are devoting appropriate time and resources to cybersecurity.

The State of Cybersecurity Report shows that:

  • Half of in-house attorneys want to increase their role and responsibility in cybersecurity, and 57 percent expect that the legal department’s role in cybersecurity matters will increase in the coming year;
  • Twenty-four percent of reported data breaches were caused by employee error, and although this was the highest single cause for reported data breaches, fewer than half of companies have implemented mandatory cybersecurity training for employees;
  • For those companies that have experienced a data breach, only 19 percent had cybersecurity insurance policies that fully covered the related damages;
  • Only 7 percent of in-house attorneys have the highest degree of confidence that their third-party affiliates are adequately protecting them from cybersecurity risks;
  • Few companies are proactively establishing third-party relationships that could assist in the event of a data breach, as only 33 percent have retained outside counsel and only 24 percent have retained an outside forensics firm to provide support following a data breach or other cybersecurity incident;
  • Only 57 percent of companies have policies and procedures in place to govern identity and access management;
  • Only 18 percent of companies have prepared an internal data map; 
  • One-third of in-house counsel have experienced a data breach;
  • Fifty-seven percent of these companies reported that the information that was compromised during the breach was not encrypted;
  • Breaches are more than twice as likely to occur at large companies; and
  • Worldwide, in-house counsel say that reputational damage is their greatest concern relating to a potential breach, followed by loss of proprietary information, and economic damage.

ACC President and CEO Veta Richardson noted that, “Even companies with established cybersecurity preparedness programs continue to increase their spending in order to minimize ever-present risk.” Richardson further remarked that, “Unfortunately, no sector or region is immune. Our findings indicate that general counsel expect cybersecurity risk to only increase in the upcoming year.”

For more information on the ACC Foundation State of Cybersecurity 2015 Report, including details on how to purchase a copy or order a customized benchmarking report, click here .

On January 12, 2016, Ballard Spahr will hold a webinar, “Lessons Learned: Best Practices for In-House Counsel from the ACC Cybersecurity Report,” from 12:00 p.m.-1:00 p.m. ET. The webinar will feature an in-depth discussion of the ACC survey results. We will summarize the lessons learned and provide practical takeaways that in-house attorneys can begin implementing right away to enhance their overall level of cybersecurity preparedness. To register for this event, please follow this link.

Ballard Spahr's Privacy and Data Security Group is comprised of experienced attorneys with experience in conducting cybersecurity risk assessments, drafting information security plans, and representing companies in responding to information breaches and related litigation. For more information, contact Privacy and Data Security Group Practice Leader Philip N. Yannella, the authors of this alert, or the Ballard Spahr attorney with whom you work.

Copyright © 2015 by Ballard Spahr LLP.
(No claim to original U.S. government material.)

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, including electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the author and publisher.

This alert is a periodic publication of Ballard Spahr LLP and is intended to notify recipients of new developments in the law. It should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own attorney concerning your situation and specific legal questions you have.