Thank you for sharing!

Your article was successfully shared with the contacts you provided.
Credit: wutzkohphoto/Shutterstock.com

With breaches happening left and right, it doesn’t take survey results to show that in-house leaders have cybersecurity on the brain.

But new data from Fox Rothschild indicates that a surprising number of corporate directors still aren’t trained to prevent such attacks. The new survey, released Wednesday, revealed that while 68 percent of respondents’ companies train employees on cybersecurity issues, and one-third train employees to prevent data breaches, only 14 percent train directors in these areas

“Just because you have initials or a title following your name doesn’t mean you are less vulnerable,” said Elizabeth Litten, Fox Rothschild’s privacy and data security practice co-chair. “You might be more vulnerable to phishing attempts targeting large quantities of data. I think that’s a big mistake.” 

Some 52 percent of respondents said executive and board awareness of cybersecurity issues was more important for company privacy than general employee awareness. But this sentiment didn’t seem to translate into actually keeping the board informed. Of the 53 survey respondents— CLOs, GCs and other in-house counsel at large companies— 27 percent never report to their directors on cybersecurity and data privacy.

“[Executives] should be asking the basic questions on a regular basis, to whoever is handling their IT issues, rather than just assuming, ‘Well I’ve delegated this downstream and I don’t have to worry about it,’” Litten said.

While more than half of executives reported their companies are at a high or very high risk for an attack and 75 percent have recently been impacted by phishing, 53 percent said they don’t have adequate cybersecurity and data privacy budgets to deal with a breach.

Two-thirds of the respondents spend less than 10 percent of their IT budgets on programs related to cybersecurity. That’s a figure that Mark McCreary, Fox Rothschild’s chief privacy officer and co-chair of its privacy and data security practice called the “bare minimum,” as the report notes the average cost of a data breach hovers near $6 million.

“Any company not dedicating at least 20 percent of their budget toward security on a baseline year, not an odd year, is making a mistake,” McCreary said. “It’s not ‘you buy something one year and you’re done.’ The tactics change, the ability to fight [breaches] changes.”

Caroline Spiezio

Caroline covers the intersection of tech and law for Corporate Counsel. She's based in San Francisco. Find her on Twitter @CarolineSpiezio.

More from this author

Lean Adviser Legal

Think Lean Daily Message

"A legal project is like a journey. I like to think of it as a plane journey, rather than say a road trip. On a road trip, you can change the destination midway, so resource planning is less important. A plane journey is not like that and neither is a legal project. It all starts with planning, meticulous planning."

Learn More


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2018 ALM Media Properties, LLC. All Rights Reserved.