In-House Counsel Note Organizations Unprepared to Deal With Human Error

By: Arieanna Schweber | 2/3/2016

The Association of Corporate Counsel (ACC) recently released its State of Cybersecurity Report giving a legal insider perspective to the current cybersecurity practices, prevention, protection and response standings at more than 800 organizations across 30 countries.

The survey focuses on the opinions of over 1,000 general counsel and chief legal officers who play a large role in creating best practices, meeting compliance and regulatory requirements and reacting to security incidents. This is the largest report to-date focusing on the opinions of in-house counsel, offering a different perspective on cybersecurity.

Some insights from the report include:

  • 50% of legal professionals want to increase their role and responsibility regarding cybersecurity
  • 45% of in-house counsel working at companies with 5,000 or more employees have experienced a breach (higher than for those in smaller organizations)
  • Following a data breach, 74% say that “minimal, moderate or significant” changes were made while 15% said no changes were made
  • The healthcare industry is almost twice as likely to experience a breach (56% versus 31%)
  • The healthcare industry also showed more preparedness, including cybersecurity insurance and agreements with third-party vendors to notify of breaches
  • Worldwide, in-house counsel are most concerned with damage to reputation, loss of proprietary information and economic damage following a cyber breach.

When you look at how systems were breached, the top areas of concern all involve people. Employee errors (24%), inside jobs (15%), phishing (12%) and definitely some of the lost laptops and devices (9%) can be attributed back to people within the organizations. Conservatively, people then account for at least 51% of data breaches examined in this study. Despite this high figure attributed to human error, less than half of organizations have mandatory training.

As corporate counsel for your organization, these results point to areas of preparedness that are currently being overlooked. A layered approach to data security, pairing education, policy and layers of technology, can go a long way to shoring up gaps. When it comes to reducing human errors, training must be supported by technologies that automatically alert IT of suspicious activity with remote options to lock down and protect data, preventing data breaches. Learn more about how we can help at

Financial Services