• IUB Newsroom »
• Cybersecurity becoming a pervasive part of legal culture, IU Maurer School of Law study finds

Cybersecurity becoming a pervasive part of legal culture, IU Maurer School of Law study finds

• Feb. 19, 2015

FOR IMMEDIATE RELEASE

BLOOMINGTON, Ind. -- Cybersecurity is becoming an increasing part of the legal field, according to a new report published today by the Indiana University Maurer School of Law. The report, prepared by the Hanover Research Corp., focuses on the role of corporate legal departments in addressing cybersecurity challenges.

From the growing threats of cyberattacks to a lack of practitioners qualified to handle cyber-related issues, the report finds that cybersecurity law is an area ripe for future growth and points to the need to educate and train both current and future attorneys.

Prior surveys have shown that “data security” was the No. 1 issue for corporate directors that “keeps them up at night,” but this is the first to explore in detail the role of corporate lawyers in helping industry prepare for and respond to cyberattacks.

Among the study’s key findings are:

• Cybersecurity is a growing priority for legal practitioners. Of the corporate law departments surveyed for this study, over half rate cybersecurity as a “high concern.”
• There is a shortage of lawyers prepared to address cybersecurity issues. The study found that the supply of lawyers knowledgeable about cybersecurity is inadequate to meet current, much less future, needs. Multiple large law firms have formed cybersecurity practice groups, some areas may even be experiencing a shortage of qualified practitioners, and experts expect the field to continue to grow.
• Cybersecurity has become as much a legal issue as a technical one. Given the fragmented legal framework for data security and privacy issues, organizations must be aware of a “quilt” of laws and regulations they may be subject to; this is largely the purview of legal counsel. Working in coordination with IT professionals, managers and other parts of the corporation, lawyers must play a role in designing the procedures, training and risk assessments required to implement managerial, operational and technical controls needed to protect data.
• Corporate counsel are intimately involved in cybersecurity. Sixty-one percent of lawyers surveyed reported that they are “moderately” to “extremely” involved in their company’s cybersecurity efforts. Only 9 percent reported no involvement. The nature of that involvement is changing as well to include not merely responding to cybersecurity incidents but planning against such crises. Among the corporate law departments surveyed for this study, nearly 70 percent report proactive involvement in cybersecurity.
• Improving cybersecurity education for corporate lawyers is a critical need. Sixty-nine percent of respondents reported that improving formal education on legal aspects of cybersecurity is either “very” or “extremely” important. Experts interviewed as part of the study suggested that such training should encompass both the legal and technical aspects of cybersecurity, to enable lawyers to “ask the right questions” of IT professionals and technical experts.

“The study confirms what we have long believed: that security threats are a critical and growing issue for all businesses, and that well-trained lawyers are a critical tool in the fight against those threats," said Austen L. Parrish, dean and James H. Rudy professor of law. "The Maurer School of Law has unique capabilities and an exceptional program so that we can do our part in helping to prepare those lawyers.”

The Maurer School of Law offers the nation’s leading and most respected curriculum in cybersecurity and information privacy law. Maurer, together with other units of Indiana University, has been recognized by the federal government as a National Center of Excellence in Cybersecurity Education and Research.

“Cybersecurity is too often thought of as merely a technological issue, when in reality fighting cyberthreats requires a broad-based approach that includes law, economics, international relations and many other disciplines as well,” said Fred H. Cate, distinguished professor of law and founding director and senior fellow at IU’s Center for Applied Cybersecurity Research. “This was the vision IU President Michael McRobbie articulated when he created the Center for Applied Cybersecurity Research in 2002, and as a result Maurer is a leader in preparing law students to work in this rapidly growing field.”

The law school is currently seeking approval to offer the nation’s first graduate certificates in Cybersecurity Law and Policy and in Information Privacy Law and Policy.

The Hanover study involved both a survey in November 2014 of attorneys in corporate law departments and in-depth interviews with lawyers, consultants and academic experts in cybersecurity. For further information, contact Fred H. Cate at fcate@indiana.edu or 812 855-1161

Related Links

• Maurer School of Law