Dive Brief:
- For the second consecutive year, disputes over cybersecurity and data represent the greatest global risk to organizations, according to a report from Baker McKenzie.
- A majority of senior legal and risk officers, 3 in 5, name cybersecurity and data as the greatest risk to organizations, according to the firm’s 2023 Global Disputes Survey, which is based on responses from 600 legal and risk officers at organizations in the U.S., U.K., Singapore and Brazil with annual revenue of at least $500 million.
- Cybersecurity concerns are becoming more frequent and they represent a range of challenges for companies, including the risk of financial, operational and reputational damage, according to the survey.
Dive Insight:
The biggest cybersecurity risk to companies is the actual risk of being hacked, according to Cy Vance, global chair of cybersecurity at Baker McKenzie, because all of the other legal threats stem from that initial act.
“Of course, different organizations will have different levels of cybersecurity dispute risk depending on their business or function, and how well they implement and enforce their cybersecurity protocols,” he said.
Corporate counsel, together with chief cybersecurity officers, can play a significant role in helping a company find its blind spots and potential legal risks related to cyber, Vance said. They can help develop better policies, training and procedures too.
As cybersecurity threats have grown, the regulatory response has led to an even greater level of risk for organizations.
“The level of sophistication in method – and the sheer number of attacks being executed – are certainly the main drivers,” Vance said. “But the increasing demands of regulatory authorities – across a patchwork of agencies and jurisdictions – has added another level of complexity.”
Companies are facing a range of new and proposed mandates to accelerate requirements for reporting a suspected data breach.
Historically, more than two-thirds of ransomware attacks in the U.S. went unreported, and companies often made confidential arrangements to pay off sophisticated threat actors who often extorted millions of dollars from them.
Vance said it is critical to develop a more unified regulatory framework moving forward.