Cybersecurity, Data Protection Top Litigation Concerns | Digital Guardian

The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls
DATAINSIDER

Digital Guardian's Blog

Cybersecurity, Data Protection Top Litigation Concerns

by Chris Brook on Thursday June 9, 2022

Contact Us
Free Demo
Chat

A survey of in-house counsel at organizations worldwide suggests cybersecurity and data protection disputes were top of mind in 2021.

A smattering of new data protection laws, an influx of remote workers, and an increase in cyberattacks appear poised to drive a new wave of cybersecurity litigation over the next few years.

That’s at least according to legal professionals whose opinion was sought for a recent survey on litigation trends.

As part of its annual survey, global law firm Norton Rose Fulbright asked more than 250 general counsel, ranging from large organizations to small boutique startups what the largest challenges their teams faced.

On the legal front, chief among respondents’ concerns were cybersecurity and data protection issues, many stemming from a new, largely remote workforce.

While having scores of employees working from home wasn’t a new thing in 2021 – for many organizations it was widely introduced and, in many cases, mandated in 2020 in the wake of the COVID-19 pandemic – the concept became more fully entrenched in workplace culture last year.

In fact, two thirds (66%) of litigation leaders asked said they felt more exposed to cybersecurity and data protection disputes in 2021, up from 44% of respondents in 2020. Only 4% of respondents said they felt less exposed to potential data protection disputes last year.

To blame, general counsel cited the increasing complexity of attacks, diminished oversight of employees and contractors in remote environments, and in some cases, the sheer amount of client data they find themselves responsible for managing.

Respondents who didn't feel like they were concerned about a possible dispute involving cybersecurity and data protection last year said their organization either increased resources devoted to protecting data and shoring up their cybersecurity or had trust in their IT department.

To help, organizations have also implemented encryption tools to better regulate, restrict, and monitor access and deployed cybersecurity training to train employees about the danger of phishing and social engineering attacks. They're also conducting internal reviews to ensure their organization is staying on top of changing data protection regulations.

The findings aren’t too surprising given recent legislative movements.

In the financial world, awareness is up around the legal requirements of organizations after the Federal Trade Commission, the Federal Deposit Insurance Corporation, and the U.S. Securities and Exchange Commission recently made moves to tighten up incident reporting of late.

Earlier this year, President Biden signed the Cyber Incident Reporting for Critical Infrastructure Act into law, something that obliges many organizations to report ransomware payments and cyberattacks within set time frames.

Failure to do so, especially if a breach has occurred, could sting but also leave a lasting impact on an organization if they haven’t done their due diligence around safeguarding their workers and the data they handle.

Tags: Data Protection, Legislation

Recommended Resources


  • The seven trends that have made DLP hot again
  • How to determine the right approach for your organization
  • Making the business case to executives
  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.