For the second year in a row, corporate directors and general counsel have ranked cybersecurity as a top-of-mind concern. On May 8, Corporate Board Member and FTI Consulting released the results of their 2013 Law in the Boardroom survey of over 550 directors and general counsel. As the report notes, “the newest area of major concern continues a trend noted in last year’s study: data security and IT risk is one of the most significant issues for both directors and general counsel.” Hogan Lovells partner Harriet Pearson explained why cybersecurity has become a top-of-mind concern as part of her article on “Cybersecurity: the Corporate Counsel’s Agenda,” which presented a ten-point agenda for managing cyber risk.
The survey found that data security was a close second for both directors and general counsel on the list of issues that will keep them up at night. And more than a quarter of all respondents ranked cyber risk oversight as an area that will require their attention in 2013. These results are unsurprising given the past year’s heightened congressional and executive scrutiny on cybersecurity issues (e.g., congressional hearings on cybersecurity and NIST’s development of a Cybersecurity Framework), coupled with increasing media coverage of cybersecurity incidents such as this report on a coordinated “cyberheist” that stole $45 million from 2,904 ATMs in a matter of hours.
The survey also included a question specifically asking respondents about their level of confidence with respect to the following question: “Can your company quickly detect a cyber breach and determine whether confidential data was compromised?” Only 22 percent of directors and 32 percent of general counsel responded that they were “very confident”; another 63 percent of directors and 51 percent of general counsel responded that they were “somewhat confident.” That left roughly 15 percent of all respondents indicating that they were “not confident” in their companies’ cybersecurity detection and response capabilities.
Corporate counsel can view recommendations for how to respond to cybersecurity breaches by listening to the Hogan Lovells webcast on “Hacked? What’s Next? Handling Cybersecurity Breaches in 2013.” Additionally, Hogan Lovells is sponsoring the inaugural Cybersecurity Law Institute on May 22–23 at the Georgetown University Law Center in Washington, DC, which will explore how in-house and outside counsel can manage cyber threats with a meaningful strategy.