Data privacy tops list of general counsel concerns

Only 35 percent feel prepared for data breach

Download RFP
Man pointing at login pageGrant Thornton LLP and Corporate Counsel magazine recently surveyed corporate general counsel to get their views on the biggest challenges they face and to obtain their views on the keys to fostering solid business growth. The overwhelming theme is that General Counsel are faced with increasing organizational risks, predominantly in the areas of cybersecurity and data privacy.

As any casual observer of the news will indicate, the stakes are quite high and the threats are ever-evolving – both in terms of scope and sophistication. It is estimated that businesses may lose $3 trillion in 2020 to a variety of cybercrimes (up from $1 trillion in 2016). 

These trends are leading toward the conclusion that cybersecurity and data privacy might quickly become one of the most significant areas of white-collar crime and investigative work. For good reason, General Counsel are increasingly concerned about data breaches of sensitive information. Indeed, data security rated as their highest area of concern.

Businesses may lose 3 trillion in 2020

So how can law firms assist their clients with this growing threat? Costs are too high to simply act as if a threat is inevitable; preventative measures are key. Read on for guidance on how to approach your clients:

  • Develop a holistic approach. This needs to be a strategic effort aligned by industry-specific legal and regulatory requirements.
  • Companies need to become proactive in stepping up efforts to address cybersecurity risks. Grant Thornton suggests organizations:
    • Draft/revisit their data security policies to address increased risks;
    • Implement training programs which incorporate all levels of employees;
    • Develop (and regularly test) highly tailored incident response plans;
    • Identify and establish relationships with key outside advisors/experts; and
    • Revisit insurance coverage, including a detailed review of cyber or data-breach insurance.
  • Employ data analytics for compliance and risk assessment. Research indicates that (of the growing number of companies using data analytics) 15% of our respondents are experiencing major improvements in the use of analytics to evaluate the effectiveness of governance, risk, and compliance activities. In addition, data analytics helped to identify weaknesses in compliance controls and operational metrics used to run the business.
  • Develop an annual risk assessment process that will provide a roadmap and will help your client focus on business problems and move the company to grow strategically.

All companies need to address their overall business strategies, culture, and processes with regards to risk management. Grant Thornton suggests a cross-functional, integrated approach that is tailored to the company’s structure and culture, in a manner that contemplates both budgetary considerations as well as risk appetite. As legal departments continue to play a critical role in risk assessment, leadership needs to move to a mindset of risk agility. By discussing risk on a regular basis, organizations are more likely to turn risk management into a competitive advantage.

Gain more insights:

Thriving in an uncertain world: General Counsel’s emerging role as strategic advisor

Purple, gray, and green lines linking
Managing regulatory and cyberrisk: The General Counsel in an uncertain world

Man sitting at desk surrounded by screens
Recent cybersecurity incidents a wake-up call: Take action with these proactive steps

Brad Preber
National Managing Partner, Business Risk Services
T +1 602 474 3440

Erik Lioy 
National Managing Partner, Forensic Advisory Services
T +1 704 632 6915