It may be an exaggeration to declare, as some commentators have suggested, that there are only two types of organisation – those that have been hacked and know it and those that have been hacked and don’t know it – but we do know that the risks are increasing exponentially.

What was once undeniably regarded as merely an IT issue is now on the boardroom agenda of major corporations the world over. As a result, legal teams inevitably find themselves tasked with responsibility for protecting every last piece of information produced by their companies. This, combined with some high-profile and headline-grabbing international breaches, means that data privacy has never caused more headaches for the in-house legal function.

With cybersecurity firmly established as a governance issue – one which requires input from every level of the organisation – it is paramount to have a data breach response plan in place. But what should it look like? How often should legal teams review the plan and liaise with regulators? How quickly should the company be able to assemble the incident response team?

Detailed guidance issued by the International Chamber of Commerce in April 2015 (ICC Cyber Security Guide for Business) urges organisations to “focus on the information rather than the technology”, and suggests that adequate preparation, a resilient mind-set and a clear leadership commitment are the key governance objectives.

Do you agree? We would love to hear your opinion.

Lexology will be running a session entitled “Cybercrime and information governance” which explores this topic in more detail at the Corporate Counsel Congress in New York on June 11. Our experienced panel will discuss the importance of weaving information governance into the corporate culture and run through the timeline and best practices for breach response. Register now to guarantee your place.


  • Suzanne Folsom, general counsel, chief compliance officer and senior vice president, United States Steel Corp
  • James T Kitchen, assistant US attorney, US Department of Justice
  • Ashley A Smith, managing director, Navigant Consulting Inc
  • Lisa J Sotto, partner, Hunton & Williams LLP