In-house lawyers have an opportunity to show their mettle as organisations defend themselves.
Looking ahead to 2016, I expect one word to dominate the legal landscape: cybersecurity. Often a word that comes up in discussion following a cyberattack, it is an area that in-house lawyers can use to make themselves indispensable to their organisation and become the trusted business adviser so often spoken about at events.
One might assume recent high-profile cyberattacks have planted seeds of concern in some CEOs’ minds about whether their own organisations are strong enough to defend themselves from a similar attack. Chances are their concerns pre-date any recent high-profile attacks.
The Association of Corporate Counsel, in its The State of Cybersecurity Report: an in-house perspective, found that nearly one in three in-house counsel respondents have experienced a data breach at their company. Nearly half (47%) of respondents said a breach took place in 2014 or 2015.
According to the report, published this month, the most immediate concern relating to data protection breaches across the US, Canada, EMEA and Asia Pacific is damage to reputation or brand. Other concerns include government/regulatory action, litigation and preservation of lawyer-client privilege.
These are all areas where in-house lawyers have a pivotal role to play.
Then, of course, there’s the impending arrival of the Network and Information Security Directive. The EU-wide legislation will require operators of essential services in the energy, transport, banking and healthcare sectors, and providers of key digital services such as search engines and cloud computing, to take appropriate security measures and report incidents to the national authorities.
The directive is not expected until 2018. But, as solicitor Peter Wright, chair of the Law Society technology and reference group, warned this month, organisations paying little or no attention to their governance measures around cybersecurity face a daunting task to make themselves fit for purpose.
So it is encouraging to see in the ACC’s report that over half (52%) of GC and chief litigation officer respondents want to increase their role and responsibilities in cybersecurity in 2016.
‘Though oversight of cyber-risk continues to sit firmly in the IT department, the legal role is also expanding,’ the report states. (The fact that more than a third of respondents reported employee error as the cause of a system breach reinforces the argument that cyber threats are not an IT problem, but an information security one.)
Media coverage was cited in the ACC’s report as an immediate concern related to data breach. Mark my words, cybersecurity will dominate headlines in 2016. But the in-house sector can be key to whether their organisations make headlines for the right or wrong reasons.
Monidipa Fouzder is a Gazette reporter
The Law Society CPD Centre is hosting a course on cyber fraud and security for law firms. For more information, please visit http://cpdcentre.lawsociety.org.uk/course/7628/cyber-fraud-and-security-for-law-firms