More than two-thirds of U.S. corporate lawyers surveyed favor a federal law setting uniform data security and breach notification requirements across the country, according to results released today by the Association of Corporate Counsel (ACC) Foundation in The State of Cybersecurity Report (2018).

Underwritten by Ballard Spahr, the ACC Foundation's report, subtitled An In-House Perspective, provides insights on corporate cybersecurity issues from more than 600 general counsel (GCs), Chief Legal Officers (CLOs), and other senior law department leaders at organizations worldwide.

The new report updates and builds on the 2015 edition, also underwritten by Ballard Spahr. The 2018 report reflects the fact that companies experienced more breaches than ever in 2017—up 45% from 2016—as in-house counsel continue to increase the amount of attention—and money—spent on protecting sensitive online data. The report includes survey results and supplemental information on industry and regional trends, common preventative tactics, lessons learned from those who experienced a breach, the impact of regulatory requirements, insurance decision making and coverage, and managing risk through outside support such as forensic experts and outside counsel.

Among U.S. corporate law department leaders, 28% "strongly favor" and 41% "somewhat favor" implementation of a federal law that sets consistent data security and breach notification standards and requirements across the United States. Corporate counsel in Canada, Europe, the Middle East, Africa, Asia Pacific, Australia, and New Zealand also showed general support for nationwide U.S. standards, although more overseas respondents were neutral on the issue than domestic corporate lawyers.

"States are enacting cybersecurity laws that vary in their requirements. This adds to the difficulty companies and their in-house lawyers face in complying, since online business activity frequently crosses state lines," said Philip Yannella, a leader of Ballard's Privacy and Data Security Group Ballard Spahr. "The State of Cybersecurity Report shows that most corporate law department leaders want to resolve these variations through a uniform law for the whole country."

The State of Cybersecurity Report (2018) also includes a self-assessment tool companies can use to assist their efforts.

"With the rising number of high-profile data breaches and increased focus on technology, it's no shock to see protection of corporate data become the fastest rising area of concern for legal and business executives," said Veta T. Richardson, ACC president and CEO. "Data can be a company's most valuable and most vulnerable resource. Legal departments play an essential role in formulating policies and procedures to mitigate cyber risk."

Other notable results from The State of Cybersecurity Report (2018):

  • One in Three In-house Counsel Have Experienced a Data Breach: Thirty-two percent of survey respondents report that they have worked or currently work in a company that has experienced a data breach. Respondents identify vendors' role and the importance of employee training as things they wish they had known before the breach.
  • Role of the Law Department Is Expanding: Two-thirds (67%) of respondents expected that their department's role would increase over the following 12 months, compared with 55 percent in the 2015 survey.
  • Company Budgets for Cybersecurity Are Growing: Sixty-three percent say the company cybersecurity budget will increase this year, up from 51% two years ago.
  • Confidence in Protection Provided by Vendors and Law Firms Little-Changed Since 2015: Only 6% of in-house counsel report high confidence that vendors protect the company, while 56% say they are somewhat confident and 21% are not at all confident. Seventy-two percent are at least somewhat confident that their outside law firms are appropriately managing their data security, but nine percent are not at all confident. These results are very similar to two years ago.

For more information on The State of Cybersecurity Report – 2018, please visit http://www.acc.com/legalresources/resource.cfm?show=1482513.

Related Practice