Cybersecurity, Data Protection Top Litigation Concerns
A survey of in-house counsel at organizations worldwide suggests cybersecurity and data protection disputes were top of mind in 2021.
A smattering of new data protection laws, an influx of remote workers, and an increase in cyberattacks appear poised to drive a new wave of cybersecurity litigation over the next few years.
That’s at least according to legal professionals whose opinion was sought for a recent survey on litigation trends.
As part of its annual survey, global law firm Norton Rose Fulbright asked more than 250 general counsel, ranging from large organizations to small boutique startups what the largest challenges their teams faced.
On the legal front, chief among respondents’ concerns were cybersecurity and data protection issues, many stemming from a new, largely remote workforce.
While having scores of employees working from home wasn’t a new thing in 2021 – for many organizations it was widely introduced and, in many cases, mandated in 2020 in the wake of the COVID-19 pandemic – the concept became more fully entrenched in workplace culture last year.
In fact, two thirds (66%) of litigation leaders asked said they felt more exposed to cybersecurity and data protection disputes in 2021, up from 44% of respondents in 2020. Only 4% of respondents said they felt less exposed to potential data protection disputes last year.
To blame, general counsel cited the increasing complexity of attacks, diminished oversight of employees and contractors in remote environments, and in some cases, the sheer amount of client data they find themselves responsible for managing.
Respondents who didn't feel like they were concerned about a possible dispute involving cybersecurity and data protection last year said their organization either increased resources devoted to protecting data and shoring up their cybersecurity or had trust in their IT department.
To help, organizations have also implemented encryption tools to better regulate, restrict, and monitor access and deployed cybersecurity training to train employees about the danger of phishing and social engineering attacks. They're also conducting internal reviews to ensure their organization is staying on top of changing data protection regulations.
The findings aren’t too surprising given recent legislative movements.
In the financial world, awareness is up around the legal requirements of organizations after the Federal Trade Commission, the Federal Deposit Insurance Corporation, and the U.S. Securities and Exchange Commission recently made moves to tighten up incident reporting of late.
Earlier this year, President Biden signed the Cyber Incident Reporting for Critical Infrastructure Act into law, something that obliges many organizations to report ransomware payments and cyberattacks within set time frames.
Failure to do so, especially if a breach has occurred, could sting but also leave a lasting impact on an organization if they haven’t done their due diligence around safeguarding their workers and the data they handle.