The Association of Corporate Counsel (ACC) Foundation today (25 March) released “The 2025 State of Cybersecurity Report: An In-house Perspective,” showing that globally, CLOs are quickly becoming integral leaders in cybersecurity strategy, holding leadership positions, and frequently reporting cybersecurity strategies to the company board. The results are based on a survey of 278 in-house legal professionals across 16 countries and 20 industries.
According to the ACC Foundation, the changes reflect a pivotal shift and recognition for the increasing legal and governance aspects of cybersecurity, making the CLO role essential for managing operational risks, incident response, liability, reputation management, and business continuity.
“Businesses today understand that cybersecurity is a significant, organization-wide threat with large-scale reputational, operational, legal, and financial implications,” said Veta T. Richardson, president of the ACC foundation and president & CEO of ACC. “As a result, the ACC Foundation’s 2025 State of Cybersecurity Report clearly shows the rapid expansion of CLOs and their teams being involved to lead and help navigate the complex terrain of cyber-related preparation, deterrence, and response.”
Key survey findings include:
- Half of CLOs (50%) report they are part of a team with cybersecurity responsibilities, even when they do not hold a specific leadership position in that area.
- An overwhelming majority (93%) of organizations have a member of the legal department as part of an incident response team. The CLO is a member in 73 percent of cases.
- 38% of CLOs are now in a leadership role regarding cybersecurity responsibilities, up from 15% in 2020.
- 32% of organizations have at least one dedicated cyber lawyer on staff, up from 18% in 2020.
- CLOs identified phishing and social engineering, data breaches, ransomware, fraud, and lack of awareness as top concerns of AI (artificial intelligence) powered cyber threats.
“The ACC Foundation’s Cybersecurity Report serves as a call to action for in-house counsel to embrace their expanding role, develop their cybersecurity expertise, and proactively address the legal and regulatory challenges presented by this ever-evolving threat landscape,” said Jennifer Chen, executive director of the ACC Foundation. “By taking a leadership role in cybersecurity, in-house counsel can protect their organizations from significant financial, reputational, and legal harm, ensuring business continuity and building a more resilient future.”
The report is available on the ACC Foundation website here.