Thirty-eight percent of companies now expect to increase their cyber-related spend over the coming year.
WASHINGTON – The Association of Corporate Counsel (ACC) Foundation, in collaboration with Ernst & Young, LLP, is pleased to present the “2022 State of Cybersecurity Report, An In-house Perspective.” The report shows that 84 percent of companies now give the chief legal officer (CLO) a key role in the organization’s cybersecurity strategy:
- 20 percent: cybersecurity reports directly or indirectly to the CLO.
- 39 percent: CLO is part of a team with cybersecurity responsibilities.
- 24 percent: CLO is member of cybersecurity incident response team.
“As modern CLOs’ roles and responsibilities continue to expand, cybersecurity strategy and oversight is unquestionably one area where we’ve seen the largest growth,” said Susanna McDonald, VP and CLO of ACC. “Between the ever-increasing frequency of attacks and substantial financial and reputational risk to the organization’s operations and brand, this comes as no surprise. CLOs bring a unique combination of legal training, strategic thinking, and risk analysis to the table to best help prevent and, if need be, react to cybersecurity situations. Today’s report is the latest evidence that businesses increasingly recognize the CLO’s strengths in this area and are adjusting their approach accordingly.”
“New and proposed regulations are requiring involvement of the CLO at the senior management table, giving greater visibility into security programs to close cyber defense gaps, particularly as it relates to current state maturity assessments, liability, insurance, and other legal and regulatory concerns,” said Dave Burg, EY Americas Cybersecurity Leader. “The surprise here, given the pervasive nature of cybersecurity risks and the everchanging legislative and regulatory landscape, is that any organization would exclude their CLO from helping to develop, shape and execute an organization’s cybersecurity risk management strategy.”
The report covers a broad range of cybersecurity activities: legal department’s role, policies and practices, risk management, and breach and incident response.
Report highlights include:
- 22 percent of companies now have a dedicated cybersecurity lawyer.
- 20 percent more companies now require annual cybersecurity training for all employees compared to 2020.
- 31 percent of legal departments say they are regularly involved in their company’s Third-Party Risk Management (TPRM).
- 38 percent of legal departments say they are spending more as a result of their approach to cyber, compared to a year ago.
- Damage to reputation, liability to data subjects, and business continuity are the top 3 areas of concern resulting from a data breach.
The report is available on the ACC Website here. A two-page highlights document can be found here.
The data included in this report represents 265 companies across 17 industries and 24 countries, providing a comprehensive understanding of how legal departments of different sizes engage in cybersecurity matters.
###
About the ACC Foundation: The ACC Foundation – a 501(c)(3) non-profit organization – supports the efforts of the Association of Corporate Counsel, serving the needs of the in-house bar through research, leadership and professional development opportunities, and support of diversity and pro-bono initiatives. The ACC Foundation partners with corporations, law firms, legal service providers, and bar associations to assist in the furtherance of these goals. For more information, visit https://www2.acc.com/foundation/.
About ACC: The Association of Corporate Counsel (ACC) is a global legal association that promotes the common professional and business interests of in-house counsel who work for corporations, associations and other organizations through information, education, networking, and advocacy. With more than 45,000 members in 85 countries employed by over 10,000 organizations, ACC connects its members to the people and resources necessary for both personal and professional growth. By in-house counsel, for in-house counsel.® For more information, visit www.acc.com and follow ACC on LinkedIn, Twitter, and Facebook.
About EY: EY exists to build a better working world, helping create long-term value for clients, people and society and build trust in the capital markets.
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. Information about how EY collects and uses personal data, and a description of the rights individuals have under data protection legislation are available via ey.com/privacy. EY member firms do not practice law where prohibited by local laws. For more information about our organization, please visit ey.com.
Ernst & Young LLP is a client-serving member firm of Ernst & Young Global Limited operating in the US.