A rising percentage of chief legal officers are helping to lead cybersecurity strategies at organizations, according to “The 2025 State of Cybersecurity Report: An In-house Perspective” report released by the Association of Corporate Counsel Foundation.
Thirty-eight percent of CLOs hold leadership positions regarding cybersecurity responsibilities – more than twice the 15 percent reported in 2020. The ACC Foundation said that this result highlights the recognition of cybersecurity’s expanding legal and governance aspects.
CLOs worldwide are often reporting cybersecurity strategies to boards, the report indicated. According to the ACC Foundation, the position has become key to operational risk management, incident response, liability, reputation management, and business continuity.
Thirty-eight percent of legal departments are part of third-party risk management efforts, up from 31 percent in 2020.
“Businesses today understand that cybersecurity is a significant, organization-wide threat with large-scale reputational, operational, legal, and financial implications,” said Veta T. Richardson, ACC Foundation president and ACC president and CEO, in a statement.
Richardson added that CLOs and their teams are increasingly being tapped to “help navigate the complex terrain of cyber-related preparation, deterrence, and response.” For CLOs, the leading artificial intelligence-powered cyber threats were phishing and social engineering, data breaches, ransomware, fraud, and lack of awareness; they considered reputational damage, liability and litigation, and business continuity threats to be the three main concerns related to cybersecurity threats.
The ACC Foundation report revealed that 93 percent of organizations have a legal department representative in their incident response teams, with CLOs being members in 73 percent of these organizations.
Fifty percent of CLOs are on a team with cybersecurity responsibilities. Thirty-two percent of organizations now employ at least one dedicated cyber lawyer – twice the percentage reported in 2020.
“By taking a leadership role in cybersecurity, in-house counsel can protect their organizations from significant financial, reputational, and legal harm, ensuring business continuity and building a more resilient future,” ACC Foundation executive director Jennifer Chen said. “The ACC Foundation’s Cybersecurity Report serves as a call to action for in-house counsel to embrace their expanding role, develop their cybersecurity expertise, and proactively address the legal and regulatory challenges presented by this ever-evolving threat landscape.”
“The 2025 State of Cybersecurity Report: An In-house Perspective” report surveyed 278 in-house legal professionals in 16 countries and 20 industries.