The role of legal directors in cybersecurity grows by 23%

The Association of Corporate Counsel (ACC) Foundation has released “The Cybersecurity 2025 Report: An Insider’s Perspective,” which shows that, globally, chief legal officers are rapidly becoming key leaders in cybersecurity strategy, occupying leadership positions and frequently reporting on cybersecurity strategies to the company’s board of directors. The findings are based on a survey of 278 in-house legal professionals in 16 countries and 20 industries.

A fundamental shift in cybersecurity leadership

According to the ACC Foundation, the changes reflect a fundamental shift and a recognition of the growing legal and governance aspects of cybersecurity, which make the role of the CLO essential to managing operational risk, incident response, liability, reputation management and business continuity.

“Businesses today understand that cybersecurity is a significant, organization-wide threat with large-scale reputational, operational, legal, and financial implications,” said Veta T. Richardson, President of the ACC Foundation and President & CEO of ACC. “As a result, the ACC Foundation’s 2025 State of Cybersecurity Report clearly shows the rapid expansion of Chief Legal Officers (CLOs) and their teams being involved to lead and help navigate the complex terrain of cyber-related preparation, deterrence, and response.”

CLOs taking on greater cybersecurity responsibilities

Key survey findings reveal that half of CLOs, 50%, report being part of a team with cybersecurity responsibilities, even when they do not hold a specific leadership position in that area. An overwhelming majority, 93%, of organizations have a member of the legal department as part of an incident response team, and in 73% of cases, that member is the CLO. Additionally, 38% of CLOs are now in a leadership role regarding cybersecurity responsibilities, which is a significant increase from 15% in 2020. Furthermore, 32% of organizations now have at least one dedicated cyber lawyer on staff, up from 18% in 2020. CLOs have also identified phishing and social engineering, data breaches, ransomware, fraud, and lack of awareness as the top concerns driven by AI-powered cyber threats.

“The ACC Foundation’s Cybersecurity Report serves as a call to action for in-house counsel to embrace their expanding role, develop their cybersecurity expertise, and proactively address the legal and regulatory challenges presented by this ever-evolving threat landscape,” said Jennifer Chen, Executive Director of the ACC Foundation. “By taking a leadership role in cybersecurity, in-house counsel can protect their organizations from significant financial, reputational, and legal harm, ensuring business continuity and building a more resilient future.”

Cybersecurity training and third-party risk management on the rise

Additional report highlights indicate that cybersecurity awareness and risk management are increasingly being prioritized. A large majority, 95%, of organizations surveyed now require mandatory cybersecurity training, a significant rise from 62% in 2018. Moreover, more than one in three legal departments, 38%, are now taking a more active role in third-party risk management, compared to 31% in 2020. Likewise, a substantial portion, 83%, of organizations actively evaluate their vendors for cyber risk, marking a 74% increase since 2020. Consequently, reputational damage, liability and litigation, and threats to business continuity remain the top three concerns for CLOs as they navigate cybersecurity challenges.

Julia Gil
