Move over IT department. Somebody call legal. From hacks to crashes, it’s not so unusual for a data breach or a security threat to completely shut down company businesses. And these days, it’s not a question of if, but when.

So, companies have been taking notice. And it’s not just the IT department that’s getting the memo. It’s also legal. For the first time in a six-year survey by risk management company Advisen and Zurich North America, general counsel has now surpassed information technology (IT) as the department most frequently responsible for assuring compliance with all applicable federal, state or local privacy laws, including state breach notification laws.

So you’ve been put on notice. Now, what can you do about it?

Well, in that respect there are two kinds of companies — those that have the sensitive data and those that do not. And insurance agencies distinguish between those types, as you should.

Clients that could potentially carry more liability include healthcare, communications, financial and banking, and retail. And even though those industries are now certainly more aware of the risk and the need for mitigation, those businesses are still in the minority.

But those industries are also more likely to look outside the organization for help. For example, the survey reported that 55 percent of respondents from the personal data-driven segments look externally for risk mitigation services.

That means if you’re looking for areas where businesses are spending a little extra, it is there. That also means that if you’re serving as outside counsel to a company, now is the time to drill down, especially in pre-breach services and procedures.

And because these risks are company-wide, they also mean interdepartmental collaboration. Yet, still only 21 percent of respondents have an employee-education program.
So, join the more than 80 percent of C-Suite and the Board of Directors who rank cyber security threats as a significant risk to the business, and be vigilant.