Corporate Counsel Whitepaper: Survey Shows Companies Struggling to Prepare for Cyberbreaches

Download Fish’s Cyber Security White Paper

In September 2015, ALM Marketing Services and Fish & Richardson conducted an online survey of in-house counsel to gain insight into the current state of U.S. corporate involvement and preparedness for cybersecurity events. The results show that, while the C-suite and board of directors support a culture of security, there is still a lot of work to be done.

Disconnect between buy-in and action

Incidence of Cyber Security Incident or Breach in Past 18 Months

While data breaches are in the news almost every day, only about 15% of those surveyed report a significant cybersecurity incident or data compromise over the past 18 months.

Based on their experience, companies may perceive that the odds of an incident occurring are low, and therefore have not aggressively prepared. Yet, nearly half of the respondents reported having over $1 billion in annual revenues, with the average revenue across all respondents well over twice that amount. Over half of the respondents reported having global business interests. Although any company can suffer a breach, no matter its size, one would expect that large and global companies would be prepared for what some would call an inevitable breach.

Respondents were given a list of ten specific preparedness measures that are considered best practices by cybersecurity experts. The results show that companies are not nearly as prepared as they should be. Only three measures have been fully implemented by at least 50% of respondents— (1) creating data security policies/procedures, (2) creating an incident response plan and (3) annually auditing policies/procedures. Even though most companies know by now to put these policies in place, approximately a third of respondents reported only partially implementing these measures. Policies are not fully effective unless employees know what they are and how to follow them, but less than half of respondents have fully put company-wide training programs in place. Near the bottom of the list, only 21% of respondents have implemented an annual audit of vendors for data security and incident response, one of the most critical components of an effective preparedness plan.

Click here to download the full cyber security whitepaper, including specific steps that general counsel should consider to close the preparedness gap.