While technology has permeated all of our work lives to levels never imagined, it is not everyone’s responsibility to be in control, manage or support it. While knowing about technology can in many cases make our jobs easier, understanding the intricate inner workings of Artificial Intelligence does not translate into corporate success.
In a recent KPMG report, Through the Looking Glass, the consulting firm cites IT as both the GCs’ biggest challenge and enabler. Picking up the baton from Exigent’s Global Managing Director Nicola Stott’s blog about the KPMG report, I’d like to focus on one of the five main attributes that are required of the GC of today and tomorrow: the ‘Technology Champion’ one. The KPMG report states that GCs must know more about technology now than ever before and that the biggest technical worry for a GC is cyber-attack. I’m almost certain that most GCs are more worried about what happens if their laptop goes down or Outlook stops working.
Of course, the threat from cyber-attacks is very real and dangerous from a corporate perspective. The reality is that the pace at which we are digitizing information is increasing by the day. This means more and more company information – whether inadvertently or through a malicious attack – can end up in the wrong hands. Across the globe, irrespective of industry, data loss – whether leaked, lost or stolen – is a genuine issue. The responsibility for this level of technology risk lies with the CIO or security officer, not the GC. As hackers become more sophisticated and attacks more prolonged, it is often (as it should be) a full time role just securing an organisation’s data from attack.
According to the latest Cyber Security Breaches Survey 2016, the average cost of a cyber attack for a small business is £3,100, rising to £36,500 for a large business, with a single breach last year costing one large organisation £3m. These costs don’t consider reputational damage or customers lost due to staff and resources diverted from the business to manage the incident. Real costs, therefore, are likely to be considerably higher. More than 65% of big businesses suffered an attack in the past 12 months, with a quarter experiencing a breach of more than one per month. Cyber criminals are becoming cleverer, sharing resources and ideas. To exacerbate the problem, the use of public cloud-based services, mobile email and the prevalence of free and pay-as-you-go public Wi-Fi, mean that technology alone will not prevent, or provide protection from, such attacks. Firms are acquiring and retaining more data, and therefore the risk is arguably greater than ever. The consequence of having vital information exposed within the public domain is a violation of your obligations and carries with it severe repercussions. What is more, it exposes your enterprise to litigation, fines and sanctions which translate to loss of market share and erosion of shareholder value, often irrevocably damaging brand and reputation.
With a potential force this strong against your organization, you can see why a GC should not be expected to understand and manage the threat from cyber-attacks. It is a specialist role that requires exceptional technical skills and knowledge, and the ability to focus on security alone from prevention through to remediation and recovery.
There’s a saying in the technology sector: “There are two types of company in this world, those who’ve been hacked and those who don’t know they’ve been hacked”. A GC trying to manage cyber security as well as the myriad other responsibilities within the business is simply putting more risk on the company by not enabling a specialist to take control.
Security is now a board level issue in most organizations, and, to that end, GCs do have a responsibility to understand the legal challenges around technology, especially when it comes to compliance. New data laws ruling what information can be stored and what must be destroyed, or password and social media policies, for example, would sit with a joint responsibility between the CIO and the GC. A GC should be expected to understand the framework of the law around IT, but not necessarily about the speeds and feed of the technology itself.
However, this does not mean GCs can afford to be technologically ignorant either. As the KPMG report points out, technology can be an enabler when used correctly. Organizations are striving for greater efficiencies, law firms are trying to change the secretary to lawyer ratio as a way of creating such efficiencies; and, when it comes to helping us do more with less, technology excels. Tasks that are repetitive and laborious, reducing precious time and resources that could be better spent on more valuable tasks, can be given to technology to accomplish. Managing workflows and records, email filing and contract management can all be taken care of with the help of the right software. While a GC cannot possibly be expected to know all of the applications available with legal management in mind, having a holistic view across the business, and a good relationship with the CIO, can ensure the right technology is researched and deployed.
Best online resources to keep up to date with IT
Leading technology news site that is business focused. Not overly technical and often covers public sector as well as private sector technology news and projects.
Tongue in cheek; often launches breaking news in the technology sector. Widely read, although sometimes best with a dash of salt. Tagline = biting the hand that feeds IT.
US site covering news, reviews, start-ups and consumer products; worth reading to see the latest consumer gadgets that could impact your business.
General news sites with a technology spin; focusing more on the business of tech, rather than the technology itself. Easy to understand and a good place to start.
Legal-focused technology news site, covering all aspects of the technology in the legal world.
Wayne Ramsay is Exigent’s Chief Operating Officer. With a reputation as an enabler for change within the global legal services space, Wayne manages business risk and executes transformational projects globally across the entire business.
His blogs on ‘Innovation for GCs’ will be published on a regular basis. Sign up today (use form on the right) to receive the next blog in your inbox as soon as it’s published.