Chapter 6 - Cybersecurity and the Office of the General Counsel


The General Counsel can be an important force in mitigating cyber risk. This chapter provides a roadmap for playing that role both proactively and reactively, and for doing so in conjunction with the organization’s CISO, while helping to build support from the C-Suite and Board of Directors.

Key Ideas
  • The General Counsel and General Counsel’s Office can play an important role in addressing organizations’ cybersecurity risk, both proactively and reactively. Cyber risk is such a dynamic and complex risk area that a GC should embrace the role and see it as an important contribution to their organization.

  • This role differs from and complements the CISO’s role because the GC is consulted on many business decisions that the CISO is often not consulted on, including legal and regulatory compliance, corporate governance, investigations, mergers & acquisitions, contracts with third parties, new product reviews, and engaging and terminating employees and contractors.

  • The basic functions that all GC’s Offices should own are following and driving compliance with:
    1. rapidly changing legal, regulatory and contractual cybersecurity requirements (which often vary by business sector); and
    2. evolving conditions to protect sensitive information under legal privilege or attorney work product legal doctrines.

  • The advanced roles that GC’s Offices should play include:
    1. playing an active role in their organization’s understanding of the cyber risks it faces and voicing those risks to senior management;
    2. driving incident preparation, including improving incident response plans and helping to run tabletop exercises;
    3. co-leading incident responses with the CISO during breaches;
    4. leading post-breach assessments; and
    5. overseeing proactive cyber risk assessments.

  • By playing these roles actively, the GC and GC’s Office can significantly improve the cyber risk posture of their organizations.
