3 November, 2017
Cyber risks are not only increasing, but their nature and scope have evolved to include financial, legal, regulatory, and reputational risks. As a result, the responsibility of the general counsel is expanding.
Kroll recently partnered with Legal Week to survey 138 senior legal professionals around the world on the subject of cyber resilience and responsibility. In particular, we wanted to learn what general counsel are doing, and should be doing, to adjust to a dangerous world of evolving cyber risks.
Our findings revealed that while some GCs have fully embraced their widening mandate, others are more sanguine about their company’s risks, and still others might even be avoiding the increased responsibility because they consider themselves unprepared to understand or manage cyber risks.
KEY FINDINGS
- GC role expanding: GCs reported greater involvement in the areas of planning (45%), monitoring (40%), reporting (37%), and responding (43%) to a cyber incident.
- GC involvement in the incident response plan (IRP) varies regionally: No GCs surveyed in Latin America are central to their company’s IRP, compared with 20% in China, 53% in Europe, and 60% in North America.
- Communication lacking: 21% of respondents do not spend any time with their IT team, potentially missing critical context for understanding cyber risks.
- Training often not a priority: Only half of respondents’ companies provide mandatory training for all employees around cyber risk.
- Cyber insurance policy uncertainty: 33% in the Middle East, 67% in Latin America, and 75% in Southeast Asia do not know if employee mistakes are covered by their cyber insurance policy.