Back to Blog

In-House Counsel and Cybersecurity: The Need to Lead


For most companies, the in-house attorneys’ roles and responsibilities are not exactly delineated within a concrete list. Instead, their day-to-day duties, and the areas in which they are involved, tend to expand and shift, depending on the existing needs of the company. Obviously, the in-house team spends quite a bit of time reviewing contracts, crafting both internal and external documents and agreements, and helping the executive board make strategic decisions in a manner that mitigates risk.Of course, the nature of the potential risks that companies face continues to evolve as businesses increasingly rely on technology to handle the majority of their operations. For this reason, it is imperative for the in-house team to stay abreast of the risks related to the utilization of technology, particularly with respect to privacy and security breaches.

Understand the Risks and Consider the Consequences

There are no doubt a number of concerns associated with a data breach. Clearly, sensitive data may be exposed, stolen, and/or exploited. In addition, a company’s reputation may be ruined, the client list may dwindle, and strategic partners may jump ship. And, perhaps most unfortunate, the financial repercussions may be endless and even cataclysmic. After all, valuable intellectual property that is stolen can never really be recovered or restored, and any employee data that is leaked will undoubtedly lead to costly litigation.

The bottom line is that a data breach will inevitably have drastic effects on a company’s bottom line. It is imperative that in-house counsel understands the risks associated with a breach, as well as the many consequences that correspond to such an event. More importantly, the in-house attorneys must ensure that both the board and the leadership team recognize these risks and internalize the magnitude of the impact that such a breach may have, so that they will proactively seek to avoid such an occurrence at all costs.

Formulate a Protection Plan

If the primary role of in-house counsel is to ensure that a company takes adequate measures to protect itself, then this includes the formulation of an appropriate data security plan. In addition to having a keen eye for well-written instruments, attorneys have robust research experience and must use this to ensure that the company it represents is employing the most advanced technology available.

More specifically, this means ensuring that the vendors selected are appropriately vetted, the technology and systems implemented are suitable, and the agreements formalizing any such arrangements are structurally solid and explain the allocation of liability and costs in the event that the technology is compromised.

Engage Everyone

One of the primary roles of in-house counsel is to provide sound legal advice on virtually any and all matters. Thus, to properly serve in an advisory capacity, the team must consistently and constructively engage with all relevant parties. For some companies, this may require the frequent dissemination of internal memoranda to explain existing issues or concerns, whereas for others there may be informal meetings held monthly or quarterly. Ultimately, technology and security must be a top priority and a regular part of these discussions.

New call-to-action