Corporate Legal And IT Departments Disagree On Data Breach Preparedness And Response

Nearly 87% of IT professionals believe their organization is well-positioned to deal with a data breach, compared to only 55% of their corporate legal counterparts, survey finds.

April 16, 2020


Jacksonville, FL (April 16, 2020) Special Counsel, the nation's leading provider of end-to-end legal solutions, today released results of a Data Breach Response survey, in partnership with Relativity, a global legal technology company headquartered in Chicago. The survey captures responses from over 500 corporate legal and IT professionals about a variety of topics related to data breach preparedness, protection, recovery and how well legal and IT professionals work together to help address and prepare for potential data breaches within their respective organizations. While the survey was conducted before the global COVID-19 outbreak began, the data reveals contrasts that are likely intensifying as a result of the ongoing pandemic.

The survey found that the majority of legal and IT professionals surveyed (51.5%) agree that a data breach is the most detrimental incident to occur within an organization, compared to other types of crises like an employee or financial scandal. However, the groups are not aligned on the level of protection and preparedness at their organization, as well as how confident each group is in their legal or technology counterparts within an organization. 86.9% of IT professionals feel their organization is extremely or very well prepared to deal with a data breach, while only 54.8% of legal professionals agree.

"With the ever-present threat of a data breach, and the multitude of access points, we wanted to see how prepared organizations are today to prevent or respond to a breach," said Chis Gallagher, President of U.S. Professional Solutions at Special Counsel and its parent company, The Adecco Group. "Because of the COVID-19 pandemic, we are seeing an exponential increase in the number of employees working remotely around the world, using virtual tools and programs to keep in touch. It's even more important for internal stakeholder groups—like an organization's legal and IT teams—to be aligned on a data breach response plan to help resolve any fallout. This survey made it clear to us that there is still plenty of work to do to make sure these two groups know the facts and operate in lockstep during incidents like a data breach."

Data breach response and financial implications

While over 70% of all respondents (70.6%) believe it would take their organization 24 hours or more to detect and respond to a data breach, the survey revealed discrepancies between the two group's specific expectations around data breach detection and response time. 51% of IT professionals surveyed believe their organization would detect and respond to a data breach within 24 hours, compared to only 7.5% of their legal counterparts. In actuality, 23% of legal professionals believe it would take their organization a full business week to detect and respond to a breach, and nearly 56% of legal professionals believe it would take longer than a business week.

In addition, legal and IT professionals fundamentally disagree on the financial implications related to a data breach. Nearly 42% of IT professionals believe that the cost-per-record exposed during a data breach is $5 or less, while over 70% of the legal professionals surveyed believe the cost-per-record exposed during a data breach to be over $50.

Working Together

Interestingly, these two groups even had varying levels of confidence in how well their respective teams work with each other within their organizations, with legal teams being more critical of how well they work together. From the corporate legal perspective, 54.0% of these respondents believe they work extremely or very well with their organization's technology department to align on data protections and policies—80.9% of IT professionals believe the same. Inversely, IT professionals are also more confident in their own abilities, with 81.7% of IT respondents believing their teams work well with legal. Only 52.4% of the legal professionals surveyed agree with that sentiment.

When it comes to regulatory requirements, the same discrepancies hold true. IT professionals feel extremely or very confident that their technology department understands regulatory requirements, while only 57.9% of legal professionals agree. The groups also have differing opinions on data storage, with legal professionals favoring the public cloud, while their IT counterparts prefer storing data via the private cloud.

Despite the stark differences in confidence and response knowledge, there are two areas where legal and IT professionals fundamentally agree with each other. 81% of legal professionals said their organization is positioned extremely or very well to deal with a breach from a legal perspective and 79% of IT professionals are in agreement. Responses related to an organization's data breach and cyber liability policy are also fairly aligned with 31.0% of legal professionals and 40.6% of IT professionals reporting that their organization have both policies in place.

"If you look at the data from our survey, it represents a disconnect between an organization's legal and IT departments when business is operating as usual. In this uncertain time, with more distractions and in some cases, interrupted workflows or informal technology practices, organizations are at an even greater risk of a data breach," added Gallagher. "These groups need to come together now more than ever to help prepare for a worst-case scenario."

"The findings from this study reinforce the importance of fostering a security-minded company culture," said Amanda Fennell, Chief Security Officer at Relativity. "It's imperative that companies prioritize embedding security best practices in everything they do, and part of that is ensuring all employees—not just the IT and security teams—are armed with the tools and knowledge needed to protect themselves and their company against potential cybersecurity threats. People will always be our last line of defense in the ever-changing threat landscape."

To download a copy of the Data Breach Response survey results, please click here. For more details about the survey, as well as Special Counsel or Relativity, please visit our websites at www.specialcounsel.com and www.relativity.com.

Survey Methodology

The survey was conducted by Special Counsel. The data was collected from 503 respondents in the U.S.; 251 technology decision-makers at organizations of at least 500 employees, and 150 lawyers and 102 paralegals who work in the legal department of a corporation. The survey was fielded using the Qualtrics Insight Platform, and panel was sourced by Lucid. Fielding was executed in September and October 2019.

About Special Counsel

At Special Counsel, we are a leading provider of legal consulting, attorney recruiting, legal talent, legal technology and eDiscovery solutions, with a growing international footprint. But there’s more to being a leader than having tremendous size and scale. Our strength comes from our ability to partner with clients to create solutions on a case-by-case basis. It comes from our gift for fostering, furthering and promoting the expertise of our people. And it comes from our commitment to doing business with transparency, flexibility and integrity. That’s what sets us apart. That’s what makes us Special. To learn how we can help you, visit specialcounsel.com.

About Relativity

At Relativity, we make software to help users organize data, discover the truth, and act on it. Our e-discovery platform is used by thousands of organizations around the world to manage large volumes of data and quickly identify key issues during litigation, internal investigations, and compliance projects. Relativity has over 180,000 users in 40+ countries from organizations including the U.S. Department of Justice, more than 70 Fortune 100 companies, and 198 of the Am Law 200. RelativityOne offers all the functionality of Relativity in a secure and comprehensive SaaS product. Relativity has been named one of Chicago's Top Workplaces by the Chicago Tribune for nine consecutive years. Please contact Relativity at sales@relativity.com or visit http://www.relativity.com for more information.