The Association of Corporate Counsel (ACC) Foundation, in collaboration with Ernst & Young, LLP, has released the “2022 State of Cybersecurity Report, An In-house Perspective”. The data represents 265 companies across 17 industries and 24 countries, providing a comprehensive understanding of how legal departments of different sizes engage in cybersecurity matters.
The report covers a broad range of cybersecurity activities: the legal department’s role, policies and practices, risk management, and breach and incident response and shows that:
- 84 percent of companies now give the chief legal officer (CLO) a key role in the organisation’s cybersecurity strategy
- 20 percent more companies now require annual cybersecurity training for all employees compared to 2020
- 31 percent of legal departments say they are regularly involved in their company’s Third-Party Risk Management (TPRM)
- 38 percent of legal departments say they are spending more as a result of their approach to cyber, compared to a year ago
Damage to reputation, liability to data subjects, and business continuity are the top 3 areas of concern resulting from a data breach.
The full report is available for purchase on the ACC Website here. A two-page highlights document can be found here.