A new ACC Foundation survey examines the increased role CLOs lead in cybersecurity governance, risk and mitigation, and board communication.

WASHINGTON, D.C. – The Association of Corporate Counsel (ACC) Foundation released “The 2025 State of Cybersecurity Report: An In-house Perspective,” showing that globally, CLOs are quickly becoming integral leaders in cybersecurity strategy, holding leadership positions, and frequently reporting cybersecurity strategies to the company board. The results are based on a survey of 278 in-house legal professionals across 16 countries and 20 industries.

According to the ACC Foundation, the changes reflect a pivotal shift and recognition for the increasing legal and governance aspects of cybersecurity, making the CLO role essential for managing operational risks, incident response, liability, reputation management, and business continuity.

“Businesses today understand that cybersecurity is a significant, organization-wide threat with large-scale reputational, operational, legal, and financial implications,” said Veta T. Richardson, President of the ACC Foundation and President & CEO of ACC. “As a result, the ACC Foundation’s 2025 State of Cybersecurity Report clearly shows the rapid expansion of Chief Legal Officers (CLOs) and their teams being involved to lead and help navigate the complex terrain of cyber-related preparation, deterrence, and response.”

Key survey findings include:

Half of CLOs (50%) report they are part of a team with cybersecurity responsibilities, even when they do not hold a specific leadership position in that area.

An overwhelming majority (93%) of organizations have a member of the legal department as part of an incident response team. The CLO is a member in 73 percent of cases.

38% of CLOs are now in a leadership role regarding cybersecurity responsibilities, up from 15% in 2020.

32% of organizations have at least one dedicated cyber lawyer on staff, up from 18% in 2020.

CLOs identified phishing and social engineering, data breaches, ransomware, fraud, and lack of awareness as top concerns of AI (artificial intelligence) powered cyber threats.

“The ACC Foundation’s Cybersecurity Report serves as a call to action for in-house counsel to embrace their expanding role, develop their cybersecurity expertise, and proactively address the legal and regulatory challenges presented by this ever-evolving threat landscape,” said Jennifer Chen, Executive Director of the ACC Foundation. “By taking a leadership role in cybersecurity, in-house counsel can protect their organizations from significant financial, reputational, and legal harm, ensuring business continuity and building a more resilient future.”

Additional report highlights include:

A large majority (95%) of organizations surveyed now require mandatory cybersecurity training, compared to 62% in 2018.

More than one in three (38%) of legal departments are playing a more active role in third-party risk management compared to 31% in 2020.

A substantial portion (83%) of organizations now actively evaluate their vendors for cyber risk, up 74% since 2020.

Reputational damage, liability and litigation, and business continuity threats are the top three concerns for CLOs navigating cybersecurity threats.

The report is available here.

