Traditionally, in-house counsel was responsible for a wide range of legal and business duties predicated on managing risk. Today, that role includes a relatively new set of risks — information security, cybersecurity, big data, and IoT. In-house counsel remains an essential component of any corporation looking to mitigate risk, but unless they understand and respect these modern threats, they could leave their companies exposed to a data breach.
How Overconfidence Can Breed Complacency
In 2015, Kroll and Kroll Ontrack surveyed 170 corporate in-house counsel about their perspectives on modern legal challenges facing corporations. The survey revealed that in-house counsel have a skewed view of their organization’s security preparedness, an overconfidence that can lead to dangerous complacency. Among those surveyed, 76% of the in-house counsel stated that effective safeguards are in place to protect their organizations’ intellectual property.
Earlier this year, Voltemic found that 64% of organizations felt that compliance was effective at preventing data breaches, despite the fact that 61% experienced a breach in the past. The Breach Confidence Index found that 83% of organizations were “fairly” or “very” confident they were secure against a data breach, which is also well out of line with the number of organizations that actually experience data breaches.
Kroll’s 2016 Corporate Risk Survey indicated that in-house counsel felt that adequate safeguards were in place for intellectual property (and perhaps data in general), and yet the survey itself revealed large gaps in planning. For example, 47% of organizations do not have an information governance program in place and only 41% report that their organization’s incident response / data breach plans are regularly updated and/or tested. A further 20% of in-house counsel admit that they never discuss data security issues with their organization’s head of technology.
Why Are In-house Counsel So Confident about Preventing Data Breaches?
The overconfidence about data security could, in part, be due to an inaccurate assessment of risk. The survey revealed that two-thirds of respondents believe their organization is more at risk from external fraud than from internal fraud,
Despite the worrisome level of overconfidence, the survey revealed that in-house counsel believe the top 3 most pressing legal issues they face are:
- Data security / cyber security / privacy risks and the loss of PII
- Regulatory burdens and increased regulatory activity
- Compliance failures
Most in-house counsel agree that they would like to increase the use of technology systems to better manage risk and ensure compliance.
Ensure Adequate Security Measures are in Place
The state of your security preparedness does not need to be an uninformed guess. With Absolute DDS, you can use the summary information in the Absolute DDS status report to understand the state of your deployment and determine if your security achievement results are acceptable, or if additional work is required.
Download our report to learn how your organization can determine potential (or existing) conditions that could compromise your ability to comply with corporate and government regulations.