With regulators and government agencies increasingly interested in private companies’ preparedness and accountability for cybercrime, the time and skills burden on general counsels will only increase, the report found.
Despite the significant legal requirements attached to cybercrime, such as mandatory notifications, the obligation to protect personal data and customer remediation, less than half of legal teams felt they had sufficient in-house experience to deal with cyber risk, and the consequences of an attack, effectively.
Reflecting this increasing burden, 65 per cent of general counsel said legal departments were either working “flat out” just to keep up, or “falling behind”.
Counsel are increasingly turning to outsourcing to solve their staffing and expertise difficulties.
Mr Hardy said that while “highly complex and technical skills” were needed for some areas of risk management and were unlikely to be brought in-house, there was “a need for a baseline level of capability within legal teams”. This particularly applied to lawyers with experience in and knowledge of contemporary risk factors, such as cyberattacks, financial crime and data governance.
“It’s definitely an investment worth making.”
Moving in-house has long been seen as an attractive off-ramp from the demands of a career in the large corporate law firms. But on the strength of the latest data, Mr Hardy said that perception was proving outdated . “They’re working pretty hard at the moment,” he said.