Survey of GCs Sees Cybersecurity Risk, Anxiety

Despite the growing threat of computer security breaches, some 30 percent of general counsel in a recent survey said their companies were not prepared to deal with such a crisis. And experts say more GCs need to overcome their technophobia and help their firms face the increasing risk.

Among the most fearsome threats facing corporations in 2012 was an increasing proliferation of cybersecurity breaches of various orders of complexity and impact, according to the 2012 General Counsel Survey, by global consultants Consero Group. The survey, produced in partnership with Applied Discovery Inc., is based on responses from 48 general counsel in December 2012.

From terrorism to competitive attacks to random hacking, global businesses have their hands full keeping systems and data safe, the report warned.

Indeed, the stakes are high for general counsel in this areaparticularly in highly regulated industries, it said.

Some 28 percent of the GCs surveyed indicated that their companies had experienced a cybersecurity breach over the last 12 months. And that figure may be low.

Its safe to assume that a breach is a source of great anxiety and embarrassment for large companies. So there is a natural disinclination to report it, explained attorney Paul Mandell, founder and chief executive of Consero. The group is located in Bethesda, Maryland.

But cybersecurity was clearly a very hot topic and a source of concern for the general counsel, Mandell added.

The theft of company data by employees is also a growing concern, Mandell said, and there was quite a bit of discussion [among general counsel] about employees bringing their own devices [BYOD] to work. Its a huge issue.

So far there is very little understanding of what the best practices are in the BYOD area, he said.

Mandell explained that much of the anxiety about cybersecurity stems from lawyers not generally being tech savvy by nature, and the fact that no one has found a perfect solution for protecting data.

The report explained that a companys GC also must be aware of international regulatory requirements regarding digital security, while ensuring compliance and addressing breaches when they result in litigation or government action.

The trend Mandell sees is for general counsel to increasingly explore the addition of tech-savvy attorneys, like those who handle intellectual property.

Stan Stahl, cofounder and president of Los Angeles-based Citidel Information Group, another cybersecurity consultant, said hes not surprised that 30 percent of GCs say their companies are not prepared.

We find the companies we go into are woefully unprepared to deal with a cyber breach, Stahl said. There is the misconception that firewalls and anti-viral programs protect everything, and thats a myth.

He also agreed that the 28 percent who reported security breaches might be low because the incentives are to not report them.

Stahl explained, If you report a breach, your costs are going to be, say, about $200 per record, and you may have 1,000 people in your database. If you do not report that breach and dont get caught, you can save yourself $200,000. So I would tend to think that a significant number of breaches go unreported.

He concurred with Mandell that some of the problem is that top management, including the general counsel, does not understand how technology works. They have a tendency to simply send the problems to IT.

The IT folks may know technology, but not necessarily security, Stahl said. Many attacks that come in today take advantage of human weaknesses, and not just weak technology.

He gave the example of a payroll clerk who clicks on a link purporting to be from Facebook about her high school reunion. Instead, the link downloads malware onto the company computer system, traces her keystrokes, and allowes hundreds of thousands of dollars to be diverted from the companys payroll account.

What can the GC do? The most important thing is to create an ongoing culture of cybersecurity best practices across the company. Its not like you can just get a flu shot and now youre OK, Stahl said. Its more like everyone has to diet and exercise every day.

Stahl added, Our motto is, it takes the village to secure the village.

See also: "Obama announces cybersecurity executive order," The National Law Journal, February 2013.

Featured Firms

Law Offices of Gary Martin Hays & Associates P.C.

75 Ponce De Leon Ave NE Ste 101

Atlanta, GA 30308

(470) 294-1674

www.garymartinhays.com

Law Offices of Mark E. Salomone

2 Oliver St #608

Boston, MA 02109

(857) 444-6468

www.marksalomone.com

Smith & Hassler

1225 N Loop W #525

Houston, TX 77008

(713) 739-1250

www.smithandhassler.com

Presented by BigVoodoo

More From ALM

As generative artificial intelligence inspires one of the biggest transformations in generations, Practical Guidance continues to provide the latest tips to help you prepare for the rapid evolution in the way attorneys work.

Practical Guidance Journal: Protecting Work Product in a Generative AI World

Brought to you by LexisNexis®
Download Now

The recent SEC release comes with significant changes for private fund managers. Hear expert insights on what happened, what it means, and what the compliance considerations are.

Countdown to Compliance: SEC Private Fund Reforms

Brought to you by Ontra
Download Now

Find out what features make a code of conduct most effective. Hint: it’s not just the rules.

9 Ethical Code of Conduct Examples for the Business Professional

Brought to you by LRN
Download Now

Premium Subscription

With this subscription you will receive unlimited access to high quality, online, on-demand premium content from well-respected faculty in the legal industry. This is perfect for attorneys licensed in multiple jurisdictions or for attorneys that have fulfilled their CLE requirement but need to access resourceful information for their practice areas.
View Now

Team Accounts

Our Team Account subscription service is for legal teams of four or more attorneys. Each attorney is granted unlimited access to high quality, on-demand premium content from well-respected faculty in the legal industry along with administrative access to easily manage CLE for the entire team.
View Now

Bundle Subscriptions

Gain access to some of the most knowledgeable and experienced attorneys with our 2 bundle options! Our Compliance bundles are curated by CLE Counselors and include current legal topics and challenges within the industry. Our second option allows you to build your bundle and strategically select the content that pertains to your needs. Both options are priced the same.
View Now

From Data to Decisions

Dynamically explore and compare data on law firms, companies, individual lawyers, and industry trends.

Exclusive Depth and Reach.

Law.com Compass includes access to our exclusive industry reports, combining the unmatched expertise of our analyst team with ALM’s deep bench of proprietary information to provide insights that can’t be found anywhere else.

Big Pictures and Fine Details

Law.com Compass delivers you the full scope of information, from the rankings of the Am Law 200 and NLJ 500 to intricate details and comparisons of firms’ financials, staffing, clients, news and events.

General Counsel Summit (GCS) 2024

August 12, 2024 - August 13, 2024
Sydney, New South Wales

General Counsel Summit is the premier event for in-house counsel, hosting esteemed legal minds from all sectors of the economy.

Learn More

General Counsel Conference Southwest 2024

September 18, 2024 - September 19, 2024
Dallas, TX

Join General Counsel and Senior Legal Leaders at the Premier Forum Designed For and by General Counsel from Fortune 1000 Companies

Learn More

Women, Influence & Power in Law (WIPL) 2024

September 23, 2024 - September 24, 2024
Chicago, IL

WIPL is the original global forum facilitating women-to-women exchange on leadership and legal issues.

Learn More