The digital age has fundamentally reshaped the risk landscape for organizations, with cybersecurity emerging as a paramount concern. No longer solely a technical issue relegated to IT departments, cybersecurity now presents complex legal, reputational, and operational challenges that demand strategic attention from the highest levels of leadership.
This report, based on a survey of 278 in-house professionals across 16 countries and 20 industries, explores the role of chief legal officers (CLOs) and their legal departments in this complex terrain, revealing a significant shift towards greater legal leadership in cybersecurity strategy, implementation, and oversight.
The survey findings paint a clear picture: cybersecurity is no longer just about firewalls and antivirus software; it is about legal liability, regulatory compliance, business continuity and, ultimately, protecting the organization's reputation and bottom line. Several key findings highlight this evolving reality:
- CLOs are taking charge: The strategic influence of CLOs in cybersecurity is rapidly expanding.
- Dedicated cyber expertise is on the rise: Legal departments are increasing prioritizing dedicated cybersecurity expertise by hiring specialized in-house counsel.
- Breach concerns are shifting: Reputational damage remains a significant concern, but organizations are also focusing on the legal and operational risks associated with data breaches.
- Training and policies are becoming more robust: Mandatory cybersecurity training for all employees is now nearly ubiquitous.
- Vendor risk management is maturing: Legal departments are now playing a more active role in evaluating vendor cybersecurity practices and managing third-party risks.
The ACC Foundation is pleased to share this report, serving as a call to action for in-house counsel to embrace their expanding role, develop their cybersecurity expertise, and proactively address the legal and regulatory challenges presented by this ever-evolving threat landscape.