Nearly 50% of general counsel say their role has expanded to incorporate planning for cybersecurity incidents and responding to such attacks, according to a new Legal Week Intelligence report.
The report, produced in association with Kroll, surveyed 138 GCs, legal directors and c-suite executives around the world to gauge their views on how corporates are responding to cybersecurity threats, comparing and contrasting current practices in Europe, Latin America, Middle East, North America, Southeast Asia, Sub-Saharan Africa and China.
The responses to the survey show that in many cases, the role of GCs has grown in relation to cyber risk. Forty-five percent of respondents said their role had expanded in the area of planning for a cyber incident, with 43% saying that their responsibilities had grown with regards to responding to such an event.
Although cybersecurity is increasingly falling under the remit of many GCs, one problem is frequently arising: how much senior in-house lawyers really understand the technology. “If you drew a Venn diagram of lawyers and those with a profound understanding of IT and communication networks, there’s probably a pretty thin overlap,” says BAE Systems group GC Philip Bramwell.
Bramwell adds: “Cybersecurity is not a risk that should stay within the expert IT community within an enterprise, because it will not to get allocated sufficient resource and attention. Pretty much all large enterprises will be subject to routine attacks, and one will get through sooner or later. GCs had better have a plan in place for an incident response.”