April 18, 2017
The General Counsel: A Sherpa or Scapegoat for the C-Suite?
By Heather D. Nevitt, Executive Editor of Corporate Counsel and Inside Counsel and Editor in Chief of Texas Lawyer
As general counsel in a large company, your environment is fast paced and ever-changing. Words like “disruption” or “evolving landscape” are often used to describe the current legal industry. Take this atmosphere and then add into the mix the albatross of cybersecurity — and there in the middle of the swirling storm, you will find the GC.
This storm is very much on the minds of legal department leaders when discussing the new and challenging responsibilities now placed on the heads of in-house counsel. In this volatile environment, a GC is not only the legal leader of a company, but she is also required to be a strong business leader, a master of compliance and risk, a corporate strategist, and a protector of data — a kind of Sherpa for the C-Suite to guide and protect the company on the hike to the summit.
But most lawyers don’t also have an MBA or an IT degree to help them succeed in these various roles. Companies now want their legal advisor to guide the business up the dangerous mountain path to growth and profitability, but they also have to make sure they keep all their fingers and toes. We all know the saying, “With great power, comes great responsibility.”
This was never as apparent as with the recent news regarding Yahoo’s 2016 public disclosure of two massive data breaches that took years to disclose, culminating with the widely reported resignation of Ron Bell, Yahoo’s GC. Yahoo’s legal department took the brunt of the blame for the company’s cybersecurity problems and many in the legal industry feel that this should serve as a wakeup call for in-house lawyers.
Was Bell a scapegoat for a larger problem in the company? Or ultimately responsible as the leader of the legal department and integral part of the business team? Bell’s resignation in connection with the data breaches should be a signal to in-house counsel that jobs may be on the line as a result of cybersecurity issues, said Edward McAndrew, a partner at Ballard Spahr and co-leader of the firm’s privacy and data security group. “In-house counsel are often best positioned to play leading roles in cyber-incident response, but they are often on the sidelines,” he said. “And that’s not a viable model anymore for anyone who wants to keep their job.”
And we don’t need the news to tell us this. GCs have consistently told me that they prioritize training on cybersecurity issues. Thirst for this content along with social media training, are must-haves for in-house counsel in today’s world. For many, this gap of knowledge is more like a crevasse, and is the leading cause of stress for in-house lawyers. Basically, it is a common answer to: “What keeps you up at night?”
So what can companies do to be proactive on this front? Possibly lean to committees to help with educating in-house lawyers — putting together roundtable panels of in-house leaders that have had first-hand knowledge of these topics. These kinds of discussions are a huge help in gaining insight into potential cracks or vulnerable spots in the company. GCs can candidly discuss with their colleagues how they have handled scary situations and share what worked in regards to prevention — and possibly what didn’t work and how to handle the aftermath. These types of colleague networks are invaluable to the GC and could potentially save a company from a nightmare scenario of being in a cybersecurity avalanche that has a company digging out of a mountain of problems for years.
So to all the GCs out there, it’s time to put on your parka and hiking boots, because even though the trek has beautiful vistas at the top, this environment is also steep, slippery and not one for the faint of heart.