That same survey was taken again in 2013, and the results were released last week in a report entitled “Law in the Boardroom.” The gist of the report is that “the newest area of major concern continues a trend noted in last year’s study: data security and IT risk is one of the most significant issues for both directors and general counsel.”
Here are some other significant findings in the survey:
- More than one-quarter of director and general counsel respondents earmarked cyber risk as an area that will require their attention in 2013.
- The average annualized cost of cybercrime jumped 6% to $8.9 million in 2012.
- Interestingly, general counsel do not seem to think directors will be spending as much time on this topic as the legal department itself will.
- Only one-third of general counsel felt “very confident” in their company’s ability to respond, and less than one-quarter of directors agree. Only 51% of GCs are at least somewhat confident in their company’s ability to handle a breach.
In short, a company’s preparation for and response to cyber threats remain top concerns for general counsel and directors alike. Fortunately, more companies are taking proactive measures, like mapping or inventorying data to apply the most stringent security safeguards to the most sensitive information. Other proactive measures companies should consider include reviewing and revising information security policies, evaluating how to more effectively incorporate privacy and security concerns into the corporate culture, and refreshing employees on the risks and best practices in collecting, storing, using, and disposing of sensitive consumer and proprietary information.
DISCLAIMER: The opinions expressed here represent those of Al Saikali and not those of Shook, Hardy & Bacon, LLP or its clients. Similarly, the opinions expressed by those providing comments are theirs alone, and do not reflect the opinions of Al Saikali, Shook, Hardy & Bacon, or its clients. All of the data and information provided on this site is for informational purposes only. It is not legal advice nor should it be relied on as legal advice.