Into the breach: The state of cyber security

The golden days when information was held only in hard-copy format, and in secure file rooms, is well and truly over. In those times, data breaches would have been hard to come by, as deliberate breaches would have required breaking into a secure filing room – a bold and risky endeavour.

Today’s businesses, both large and small alike, increasingly store most (if not all) of their company data online, either on their own servers or on third-party servers via “cloud” storage. That data will often include not only that business’s own sensitive information, such as trade secrets, but also the sensitive information of their customers.

In late 2015, the Association of Corporate Counsel released the “State of Cybersecurity Report” (Report),[1] which was based upon the survey responses of 1,015 chief legal officers, general counsel and assistant general counsel around the world.

According to the Report, one in four respondents reported experiencing a data breach in the last two years. In the healthcare industry, 56% of respondents said they had experienced a data breach at their current or former employer. In the insurance industry, that statistic was reported to be 36% of respondents. The statistics are sobering, particularly when considering the vast amount of personal information that customers store with their industry providers, and considering that the statistic does not include the data breaches that go undiscovered.

Once sensitive information is stolen, or otherwise lost or misappropriated, it can have far-reaching and costly effects for both the businesses involved and the customers whose information has been stolen. In this regard, on a corporate level, data breaches can result in media reports, brand and reputation damage and loss of clients. On a personal level, data breaches can result in identity theft, loss of finances, and significant difficulty and time spent attempting to recover and secure personal information.

Some further key findings of the Report include:

  1. Employee error is the primary cause of reported breaches;
  2. Almost one in three in-house counsel have experienced a data breach at either their current or former employer;
  3. Cybersecurity insurance is on the rise, both in respect of policies being taken out, and amount of cover being provided;
  4. Only one in four respondents said that their company has retained a cybersecurity provider to monitor their systems;
  5. Only one in three respondents said that they have retained outside counsel to assist in the event of a data breach.

Waiting until breaches occur, to protect costumers’ data, is no longer an option. This is particularly true when the longer you wait, or when a breach goes undiscovered, the more damage can be done to both your business and your customers. Businesses should, therefore, ensure that they have taken adequate pro-active steps to ensure that:

  • Employees undergo mandatory training and, if possible, are regularly tested or audited to ensure compliance with cybersecurity standards;
  • Cybersecurity providers have been retained to implement appropriate safeguards around systems, and to audit and monitor them regularly;
  • Cybersecurity providers are required to notify the business in the event of a data breach;
  • Outside counsel is retained to assist in the event of a data breach;
  • Businesses give serious considerations to taking out cybersecurity insurance to assist in the event of a breach, which could result in serious financial damage.

Whilst the above steps will not necessarily prevent a data breach from occurring, they may assist a business to react more quickly by recovering data and potentially save costs.

[1] The State of Cybersecurity Report can be purchased at A free report summarising the key findings can also be downloaded.

Related News

What happens if you, as an insurer, have not yet concluded whether or not to indemnify an insured, and a third party commences Court proceedings against your insured (with the indemnity decision still pending)?

When these types of claims arise, an insurer (and its panel firm) can continue to act for an insured on a “reservation of rights” basis.

Read More

Can you sue if a “registered” company is “in liquidation”, “under administration” or has become “deregistered”? 

It is common to see Court proceedings commenced in the name of an individual or against an individual.   But sometimes, Court proceedings are commenced by

Read More

The Briginshaw-test

Did you know that the Briginshaw-test requires a higher standard of evidence in civil matters where serious allegations are made, such as fraud. This principle

Read More

Get in touch

Contact our team today

Stay informed

Keep up-to-date with our regular news and insights

This field is for validation purposes and should be left unchanged.
William Roberts Lawyers


Level 22
66 Goulburn Street


Level 21
535 Bourke Street


Level 8
300 Ann Street


Level 19
Singapore Land Tower
50 Raffles Place