The growing role of the GC in preventing data breaches – being proactive, not reactive

Data security is a growing focus for companies and it is no longer just an IT issue.

According to a Legal Week Intelligence report, nearly 50% of General Counsel say planning for cyber-security incidents and responding to breaches is now part of their job – a figure that is likely to go up as the role of the GC expands as risk manager and advisory to the board. In a previous post we covered how GCs are increasingly viewed as leaders in the C-suite – and with that comes added pressure to take on a more proactive leadership role.

Reacting quickly when a breach occurs simply doesn’t cut it for the CEO/CFO and the board due to the high value data at stake such as intellectual property, trade secrets and confidential business information. Therefore General Counsel are expected to be constantly on the front foot in managing the risks to prevent breaches, and able to demonstrate it.

Impact of a data breach

A data breach is not just a legal issue but one that can really hurt (or even destroy) companies in the long run, with studies showing a potential average 5% drop in stock price and 7% loss in customers, totaling costs from $300k (€245k) to up to $14m (€11.4m). Not to mention the risk of personal liability that you or your Directors may also face if regulators and shareholders find that you didn’t take adequate measures to mitigate known data security risks.

The below pie chart breaks down where companies who experience a security breach are financially hit the most with reputation damage being number one. For companies who work so hard to build a name for themselves, to think that it only takes one incident to undo all that work should make data security a top priority. 

What’s more, if the data breach involves personal data, under the new General Data Protection Regulation (GDPR), your business may be subject to penalties of up to €20 million or 4% of your global revenue.

So the question is – are you properly equipped to play a more proactive role in protecting your company from data security threats and avoiding liability?

Preventing a Data Breach & Avoiding Liability

It is imperative that legal departments – not just IT, data protection or compliance experts – take all the appropriate measures available to them to protect the company against the threats that cause data breaches and have a response plan in place. In doing so, you can make sure your executive board and auditors are satisfied that you have taken all necessary steps on your part to prevent a breach and protect the company.

If you would like to learn more about the types of data security threats facing organisations and identify weak points, mitigation measures and prevent liability, then download our latest whitepaper, “Best Practices for Preventing a Data Breach & Avoiding Liability