INSIDE. 2 Introduction 12 Conclusion 4 6. How Prepared Are Corporate Law Departments?

Similar documents
GENERAL COUNSEL UP-AT-NIGHT REPORT

ALM Intelligence and Morrison & Foerster are pleased to announce the publication of the second General Counsel Upat Night

Managing reputation risk. Laura Toni, Deloitte Romania November 28, 2014

2008 BUSINESS RESILIENCY SURVEY RESULTS:

Tabletop Exercises. for Cybersecurity. Maintaining a healthy incident response. White Paper. By Michael Everett, Security Analyst

Corporate Law Department Information Governance Survey SURVEY RESULTS. hbrconsulting.com

Enterprise compliance Acting on today s risks to avoid tomorrow s crises

Transparency in the digital age: companies should talk about their cyber security

The board s role in confronting crisis

Security and risk governance. An operational model

Fraud Investigation & Dispute Services. Forensic analysis and global experience: the intelligent connection

Company Secretary Survey

The Urbis Academy Trust Risk Management Strategy

SCREENING PROCESSES AND INTERNAL CRIME IN THE AUSTRALIAN LEGAL INDUSTRY

Citizens Property Insurance Corporation Business Continuity Framework

BCM Lite a quick and easy guide to BCM for beginners and/or small businesses

Certified Identity Governance Expert (CIGE) Overview & Curriculum

Risk Advisory Services Developing your organisation s governance for competitive advantage

2017 Healthcare Compliance Benchmark Study

THIRD-PARTY REMOTE ACCESS: CHALLENGES FOR ENTERPRISES AND TECHNOLOGY VENDORS

investigative consulting services

BUYER S GUIDE CRISIS COMMUNICATIONS

The Role of the VMO in Regulatory Compliance Planning, Due Diligence and Contract Negotiation

KPMG Enterprise and Fairfax Media Growth 2.0 Report

Internal audit insights High impact areas of focus

Emerging Technology and Security Update

Global Content Strategy

Securing Intel s External Online Presence

How can you improve your ability to identify, respond and adapt to significant operational interruptions?

GOVERNANCE AND RISK COMMITTEE Terms of Reference

Collective Stewardship for a Stronger Ontario A SURVEY OF ONTARIO S ECONOMIC LEADERS

A robust and systematic review.

How To Run Your In-House Legal Department Like a Profit Center

Incident Management Framework. Part One: Overview and Policy. Final Draft. other plans. incident management framework. business as usual (BAU)

Submission to CSIRO Independent Investigator for Allegations of Workplace Bullying and Other Unreasonable Behaviour

Sub-section Content. 1 Preliminaries - Post title: Head of Group Risk - Reports to: CRO - Division: xxx - Department: xxx - Location: xxx

Top 10 pitfalls to avoid when re-inventing your disaster recovery program

The Trademark Ecosystem: Insights from Intellectual Property Professionals around the World

The National Improvement Strategy for Policing. A Consultation Draft Version 1.1

Create your ideal data quality strategy. Become a more profitable, informed company with better data insight

IT Governance and the Audit Committee Recognizing the Importance of Reliable and Timely Information

Meeting stakeholder expectations strategies for responding to the challenges. Mark Stock, Partner PwC

Big Data, Better Vision: The Agile CFO

Thomson Reuters Elite case study. Arnall Golden. Teaming with Thomson Reuters Elite for Advanced Enterprise Relationship Management Solutions

Revenue synergies in acquisitions In search of the Holy Grail

INTEGRATED RISK BUSINESS CONTINUITY CYBER-SECURITY THE RESILIENCE FACTORS THAT DRIVE YOUR REPUTATION

Resource Management 2.0 The Next Chapter of Just-in-Time Resourcing

PRSA Code of Ethics: Preamble

NATURAL DISASTERS AND THE WORKPLACE

29th Annual Board of Directors Study 2002

State of Sustainable Business Survey 2014

Increasing the Intensity and Effectiveness of Supervision

A Guide to Business Continuity

Data Governance. Data Discovery.

International Bar Association Business and Human Rights Working Group 4 th Floor, 10 St Bride Street London, EC4A 4AD United Kingdom.

Business Resilience: Proactive measures for forward-looking enterprises

Business Partners: Pragmatic Steps to Managing Your Clients Compliance and Litigation Risk

Protecting your critical digital assets: Not all systems and data are created equal

Compliance digitalization The impact on the Compliance function. Deloitte Risk Services April 2016

29th Annual Board of Directors Study 2002

Spend Analysis. The Business Case

Applying Technology to Information Governance

Enhancing Audit Committee Excellences through Internal Audit. 21 November 2017

Creating a Risk Intelligent Enterprise: Scenario planning and war-gaming

Thomson Reuters: Anti-Money Laundering Survey Insights

Why Hiring the Right CISO is so Hard And What You Can Do About It

Enterprise Risk Management Report 2018

INTERNAL AUDIT DIVISION REPORT 2018/134

FORBES INSIGHTS RESEARCH REPORT ON THE FUTURE OF MARKETING. Marketing Operations is the Key to Success. In association with:

The Social Marketer vs. the Social Enterprise Social media in financial institutions is in transition.

In Search of Predictable Legal Budgets:

Fraud and corruption When an investigation is also a crisis. Andrew Macintosh Associate Director

PAPER CX Governance. CX Governance. Align your organization around a unified CX objective to achieve better business results. MARITZCX.

Generating value within the Risk Ecosystem Risk powers performance

Ready or Not: SMBs and the GDPR

The State of Business Agility 2017

The Age of Agile Solutions

pwc.co.uk Crisis management

Three steps to drive integrated care, faster. Start your transformation journey with the end in mind

Ready for GDPR? Five steps to turn compliance into your advantage

JAPAN BANKING & CAPITAL MARKETS

GDPR Compliance Services. Data Privacy and Security Management Services

WHITE PAPER KEY PRINCIPLES OF INTEGRATED BUSINESS RESILIENCY

Keys to Narrowing Business Continuity Planning Gaps: Training, Testing & Audits

How to move from crisis response to crisis management

Agenda. Enterprise Risk Management Defined. The Intersection of Enterprise-wide Risk Management (ERM) and Business Continuity Management (BCM)

Brought to you by the publishers of COMPLIANCE WEEK

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

Information governance for the real world

PORTFOLIO OF SERVICES

The power of the Converge platform lies in the ability to share data across all aspects of risk management over a secure workspace.

Getting fit for the future

WHITE PAPER. Annual IIoT Maturity Survey. Adoption of IIoT in Manufacturing, Oil and Gas, and Transportation

Critical Steps to Prepare Your Business for Sale

The Path to Digital Transformation. A Roadmap for Business Success

Structured Products Guidance from the FSA

Automated Service Intelligence (ASI)

BRINGING LEADERSHIP TO THE FORE: HOW ORGANIZATIONS IN CHINA ARE MANAGING TALENT IN THE DOWNTURN

Irish SMEs going for growth SME Pulse Survey

TOP 6 SECURITY USE CASES

Transcription:

INSIDE 1 A Message From Morrison & Foerster s Global Risk & Crisis Management Chair 7 How Prepared Are Corporate Law Departments? 2 Introduction 12 Conclusion 4 6 Risk and Crisis Management: An Emerging Challenge What Are the Greatest Concerns for General Counsel? 13 About the Authors

A MESSAGE FROM MORRISON & FOERSTER S GLOBAL RISK & CRISIS MANAGEMENT CHAIR In today s rapidly changing business world, companies must anticipate a growing range of serious risks, including those posed by complex regulatory environments, insider theft and misconduct, and cyber security incidents. Both in my practice at Morrison & Foerster and in my time in government, where I led the National Security Division of the U.S. Department of Justice and served as Chief of Staff to the Director of the Federal Bureau of Investigation, I have seen firsthand the full spectrum of challenges that companies must confront when these risks lead to a full-blown crisis. Based on my experience both as a government official and as an adviser to general counsel and other senior executives one lesson about crisis management has been reinforced time and again: The best way to manage a crisis is to plan for it. That sentiment is echoed in the findings of the inaugural General Counsel Up-at-Night Report published by Morrison & Foerster and ALM Intelligence. In an online survey of U.S.-based general counsel and in-house lawyers, law department leaders identified risk and crisis management as a significant concern for law departments. According to the survey results, one-third of companies have yet to take the necessary steps to implement a crisis response plan. Even at companies that have plans in place, general counsel overwhelmingly feel less than moderately prepared to respond to a crisis situation. This is understandable. The advent of new technology and proliferation of social media has dramatically increased the speed at which a crisis can spread, making an immediate and well executed response all the more imperative. In the pages that follow, we take a look at some of the reasons behind these concerns, including the role that law firms are playing in helping companies mitigate risks and anticipate potentially damaging crises. Morrison & Foerster s Global Risk & Crisis Management Group has decades of collective experience, across disciplines and industries, helping businesses prepare for the unimaginable. We help clients develop a multi-pronged strategic response that addresses litigation and regulatory risks, as well as brand and reputational risks. I hope that you will find this report valuable. If you have questions or need assistance with any of the issues discussed herein, please feel free to contact us. Best regards, John P. Carlin Chair, Global Risk & Crisis Management Morrison & Foerster jcarlin@mofo.com 1 Morrison & Foerster and ALM Intelligence GC Up-at-Night Report

INTRODUCTION In spring 2017, ALM Intelligence and Morrison & Foerster conducted an online survey of 200 U.S.-based general counsel and in-house lawyers to gain a better understanding of the demand for legal services, law departmental operational and sourcing strategies, and the approaches taken by law departments in confronting five issues consistently raised in our ongoing conversations with general counsel: Privacy and Data Security Risk and Crisis Management Regulation and Enforcement Litigation Intellectual Property The survey results identified risk and crisis management as a new area of concern among law department leaders, with 63% of respondents describing risk and crisis management as a significant concern for law departments (Figure 1). Figure 1 Most Significant Challenges Facing Law Departments 2 Morrison & Foerster and ALM Intelligence GC Up-at-Night Report

As illustrated in Figure 2 below, the three greatest areas of concerns with respect to risk and crisis management include: Cybersecurity Threats (57%) Potential Costs and Budgetary Impact (55%) Government and Regulatory Investigations (55%) Figure 2 Top Risk and Crisis Management Concerns In the sections that follow, we take a closer look at what specifically concerns law departments with respect to risk and crisis management, as well as how prepared in-house legal teams are to address a significant corporate crisis. 3 Morrison & Foerster and ALM Intelligence GC Up-at-Night Report

RISK AND CRISIS MANAGEMENT: AN EMERGING CHALLENGE The possibility of facing a corporate crisis is a major concern among general counsel. And for good reason. According to our survey, slightly more than one in 10 (11%) companies experienced a significant corporate crisis in the last 12 months. Although the survey did not explicitly define what makes a crisis significant, one may reasonably assume that a significant crisis is an event that puts the entire business enterprise at risk. With the potential consequences so severe, even a 10% chance that your company may experience a significant crisis should cause concern. At the very least, it underscores the need for careful preparation. Despite these concerns, law departments do not appear to be as adequately prepared to manage a crisis as they should be. According to our survey, slightly more than one-third of respondents (36%) indicated that their companies do not have a crisis management plan in place (Figure 3). In addition, one-third of respondents (33%) indicated that their company does not have a cybersecurity incident response plan (Figure 4). Figure 3 Companies With a Crisis Management Plan Figure 4 Companies With a Cybersecurity Plan 4 Morrison & Foerster and ALM Intelligence GC Up-at-Night Report

In addition, among the companies that have crisis management plans in place, many of those plans, although lengthy, do not address all of the key issues that commonly arise in the event of an actual crisis. As illustrated in Figure 5 below, just one in four companies (24%) include escalation procedures in their crisis management plans. As we will discuss later in this report, clear escalation procedures are vital to ensure a nimble response when every minute counts. In addition, only 24% of crisis management plans include emergency contact information for key stakeholders; 14% include draft communications documents; 5% include draft notices to regulators; and 3% identify contacts at law enforcement agencies. Most significantly, though, 30% of respondents indicated that their company s crisis plans do not include any of these essential components. Figure 5 Key Components of Crisis Management Plans 5 Morrison & Foerster and ALM Intelligence GC Up-at-Night Report

WHAT ARE THE GREATEST CONCERNS FOR GENERAL COUNSEL? When it comes to risk and crisis management, what specifically concerns law department leaders? In our survey, we asked respondents to rate on a scale of 1 to 10, with 1 representing least risk and 10 representing greatest risk, four categories of risks: Behavioral Risk actions taken by company employees Corporate Risk the impact on financial performance Informational Risk the impact on keeping proprietary and sensitive data Reputational Risk the impact on corporate brand and market reputation Respondents broadly agreed that, in the event of a crisis, reputational risk is of paramount concern. As seen in Figure 6 below, 74% of respondents identified the potential damage to the company s brand and market reputation as high risks. Beyond reputational risk, responses varied with respect to the perceived severity of the other risks to respondents organizations. Sixty-three percent rated the impact on financial performance as a high risk, and 49% identified behavioral and informational risks as high concerns. Figure 6 Categories of Risk 6 Morrison & Foerster and ALM Intelligence GC Up-at-Night Report

HOW PREPARED ARE CORPORATE LAW DEPARTMENTS? Time is of the essence when a crisis hits. The decisions made within the first hours even the first minutes after learning that a crisis has occurred will determine whether a company experiences a minor incident or a major business disruption. Indeed, the most effective way to manage a crisis is to think about it before it occurs. Inadequate Preparation In our survey, respondents generally felt that they could do more to mitigate the risks discussed above with better preparation. Nearly one-third (30%) of general counsel indicated that their companies were less than moderately prepared to handle a corporate crisis, with only 3% reporting that their companies were very well prepared (Figure 7). Figure 7 Crisis Readiness 7 Morrison & Foerster and ALM Intelligence GC Up-at-Night Report

The lack of confidence in the ability of law departments to handle a corporate crisis is not altogether surprising in light of three key findings: Lack of Advance Planning First, as illustrated in Figure 3 above, a significant number of companies have failed to do the necessary pre-crisis planning. As previously noted, more than one-third of respondents (36%) indicated that they do not have a crisis management plan in place. Failure to Test Plans Adequately Second, although a majority of companies have crisis management plans in place, an alarming number have not adequately tested their plans. Nearly one-quarter of respondents (23%) have never tested their plans. In addition, 30% reported that they test their plans on a less than annual basis. Figure 8 Frequency of Testing 8 Morrison & Foerster and ALM Intelligence GC Up-at-Night Report

Omission of Tabletop Exercises Third, and equally as alarming, a significant number of crisis management plans do not include a tabletop exercise in which their plan is put to the test with the senior executives and outside firms who would be involved in an actual crisis response. In our survey, almost four out of 10 respondents (39%) indicated that their companies have not staged a tabletop exercise as part of the testing processing. This oversight leaves companies at a disadvantage should they ever be faced with a real crisis situation. Indeed, the last time that you want to test the effectiveness of your plan is when you re facing an actual crisis. Figure 9 Companies That Include Tabletop Exercises in Crisis Planning Decision-Making Authority The components of crisis management plans vary from company to company. Our survey found, however, broad consensus exists with respect to who is empowered to make quick decisions in a crisis. As illustrated by the word cloud in Figure 10 below, respondents overwhelmingly indicated that their companies have vested senior leaders with decision-making authority. 9 Morrison & Foerster and ALM Intelligence GC Up-at-Night Report

Figure 10 Corporate Stakeholders Empowered as Decision-Makers That potentially raises some concerns. Crisis management experts recommend that quick and decisive action especially within the first 24 hours is one of most effective ways to mitigate the potentially negative impacts of a crisis. If only senior leaders are empowered to make decisions in times of a crisis, companies need to ensure that clear escalation procedures have been put in place. Otherwise, a small issue could quickly escalate into a major crisis while reports of the incident make their way up the channel to an official empowered to make a decision. As discussed earlier, only one-third of companies currently include the necessary escalation procedures in their crisis management plans. At the same time, a significant number of plans do not include contact information for key stakeholders, both within and outside the organization. Compounding the problem is the fact that a significant number of general counsel do not know whom to contact in the government in the event of a breach. According to our survey, nearly four in 10 respondents (39%) reported that they do not know the appropriate government contacts. 10 Morrison & Foerster and ALM Intelligence GC Up-at-Night Report

The Role of Law Firms and Other External Resources Given the various crisis scenarios that law departments need to anticipate, it comes as no surprise that many companies turn to external parties in developing crisis plans. When we asked survey respondents whether they seek external resources or counsel in developing a crisis management plan, 62% indicated that their organization receives external help in developing its risk and crisis management approach (Figure 11). Figure 11 Companies That Include External Resources in Crisis Planning While external resources or counsel were not defined in the survey, one may reasonably assume that this includes guidance from consulting firms and law firms in answering such questions as: Who is empowered within your company to make quick decisions? Who will speak to the media? What is the strategy for communicating with your board of directors and other internal stakeholders? How can you protect your company s most valuable assets? If business in disrupted, how can you quickly resume normal business operations? It is probably not surprising that these findings closely align with the number of respondents who indicated that their organizations have a crisis management plan in place. Put simply, companies that turn to law firms and other external resources in pre-crisis planning are in a better situation to respond quickly and effectively. 11 Morrison & Foerster and ALM Intelligence GC Up-at-Night Report

CONCLUSION Risk and crisis management is a significant concern for law department leaders. If not properly managed, a crisis has the potential to irreparably damage a company s brand and market reputation, adversely impact financial performance, undermine employee morale, and weaken data security. General counsel acknowledge the importance of advance planning when it comes to crisis management, but law department leaders are not confident in the effectiveness of their company s response plans. Law firms have a vital role to play in helping corporate law departments anticipate and prepare for a crisis. The most prepared law departments today are ones that include outside counsel and other key external experts in their crisis planning, testing, and response. 12 Morrison & Foerster and ALM Intelligence GC Up-at-Night Report

ABOUT THE AUTHORS About ALM ALM, an information and intelligence company, provides customers with critical news, data, analysis, marketing solutions, and events to successfully manage the business of business. Customers use ALM solutions to discover new ideas and approaches for solving business challenges; connect to the right professionals and peers to create relationships that move business forward; and compete to win through access to data, analytics, and insight. ALM serves a community of over six million business professionals seeking to discover, connect, and compete in highly complex industries. About ALM Intelligence ALM Intelligence supports legal, consulting, and benefits decision-makers seeking guidance on critical business challenges. Our proprietary market reports, rating guides, prospecting tools, surveys, and rankings inform and empower leaders, enabling them to proceed with confidence. About Morrison & Foerster We are Morrison & Foerster a global firm of exceptional credentials. Our clients include some of the largest financial institutions, investment banks, and Fortune 100, technology, and life sciences companies. The Financial Times has regularly named the firm to its lists of most innovative law firms in North America and Asia since publishing its Innovative Lawyers Reports in those regions. In the past few years, Chambers USA has honored MoFo s Privacy and Data Security, Bankruptcy, and IP teams with Firm of the Year awards, the Corporate/M&A team with a client service award, and the firm as a whole with the Global USA Firm of the Year award. Our lawyers are committed to achieving innovative and business-minded results for our clients, while preserving the differences that make us stronger. 13 Morrison & Foerster and ALM Intelligence GC Up-at-Night Report

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback