Are data breaches the new normal for law departments? Yes, according to a recent report by the Association of Corporate Counsel (ACC). The in-house lawyer group says that, according to the Identity Theft Resource Center, there were more data breaches last year than in any prior year—and, take a deep breath, that amounted to a 45 percent increase over 2016.
Okay, so get IT to stop them, right? Not exactly. Legal departments and their general counsel have increasingly been drawn into the prevention planning—they aren’t just dealing with the aftermath. And that’s why ACC surveyed in-house attorneys in 33 countries to get a sense of how this new normal is affecting them.
ACC asked in-house attorneys whether they expected their role in cybersecurity to grow, decrease, or stay the same. In 2015, 55 percent of the respondents said their role is growing; for the latest survey, 67 percent said the same thing. One in three said that they’ve been at a company that experienced a data breach, while only 10 percent said the same thing before 2015.
Corporate legal departments aren’t fighting the battle alone. One third of the respondents said that they proactively collaborate with law enforcement, which is up from 27 percent in the previous survey, conducted in 2015.
It gets less clear when talking about the European Union’s General Data Protection Regulation (GDPR). Less than half—39 percent—of the respondents say that their company is required to comply with the GDPR. This may be a reflection of ACC’s membership, or that of legal departments in the U.S. in general. A large portion of those are small departments working at smaller companies that may not do much business overseas.
Some of the findings aren’t exactly earthshattering. Six in 10 report that their companies have mandatory cybersecurity training, while four in 10 conduct yearly cybersecurity audits. Cybersecurity budgets are growing—63 percent said they were, in fact. And large swathes of the respondents say that training and cross-department cooperation are essential.