Global Legal Post: Most companies still vulnerable to cyber attack, study finds

Originally Published in Global Legal Post | March 16, 2016 | By Kathryn Higgins

A new study from Consero Group has found that the vast majority of in-house departments are unprepared to deal with the legal fallout of a cybersecurity breach, despite most citing cybersecurity as a major risk facing their company.

Increasing awareness among in-house lawyers of cyber-based risks as a major legal threat does not yet seem to have translated into meaningful preemptive action. A recent survey of 66 senior legal executives conducted by Consero Group and AegisAdvantage found that just 29 per cent of organisations feel ‘prepared to handle the repercussions of a cybersecurity incident’, despite one in three reporting having experienced a breach in the last 12 months. Furthermore, around one in five of the GC surveyed said that they had little to no involvement in their organisations’ cyber security efforts – a troubling sign that companies may be sitting ducks for cyber-fueled legal risks.

Just over half of Consero’s survey respondents flagged cybersecurity as the most significant risk facing their companies moving forward. A further 50 per cent selected risks to data privacy as their biggest concern. While 60 per cent of respondents said that they were ‘very involved’ in their company’s broader risk management efforts, a considerable number of in-house lawyers still seem to be left out of conversations about risk. Moreover, at least 26 per cent of surveyed general counsel said that data and cyber security breaches were not covered by their company’s current insurance policies.

According to the report’s authors, companies which fail to fully utilise their in-house lawyers do so to their own detriment. ‘The value of legal departments is generally known and appreciated among senior management teams today, which helps to further in-house legal priorities. However, budgetary constraints and lack of involvement on certain high-risk matters such as cybersecurity may hinder departmental and corporate progress,’ the report warns.