In addition to helping make strategic business decisions, general counsel and chief legal officers are now often tasked with playing a leading part in a corporate cybersecurity and data privacy plan, according to the Association of Corporate Counsel's 2020 State of Cybersecurity Report.

The report shows that 71% of chief legal officers and general counsel play a leading role in crafting policy for how the company collects consumer data and its cybersecurity infrastructure.

Susanna McDonald, the chief legal officer and executive vice president of the ACC in Washington, D.C., said earlier in her career those responsibilities were solely dedicated to the information technology department. The shift in giving more digital responsibility to the general counsel and the legal department has been caused by a patchwork of evolving regulation.

"More and more business is being conducted online. It is every company's primary engagement with their suppliers, customers and employees," McDonald said.

The legal department as a whole is becoming more involved with data privacy and cybersecurity. Forty-nine percent of respondents indicated their legal departments take on additional responsibilities when it comes to data privacy and cybersecurity. Less than 1% of respondents said their legal departments would decrease their role over the next 12-24 months.

Those increased responsibilities for the legal department would be keeping an eye on changes in the regulatory environment and following how decisions by the regulatory agencies impact how the organization collects and uses data.

McDonald said in-house counsel are also becoming increasingly responsible for educating employees on best practices.

"It's an unfortunate reality that the biggest threat to an organization's cybersecurity is the employees themselves. It's important that the legal department and the IT department work closely to educate employees on how to prevent something like a phishing attack," McDonald said.

Just over 43% of legal departments with over 50 employees have at least one dedicated in-house cybersecurity counsel. Sixty percent of those respondents indicated that they have at least one lawyer who is responsible for coordinating cyber law strategy across the entire enterprise.

The remaining 40% of those respondents said they have a lawyer who focuses on one small aspect of cybersecurity, but on one who is responsible for an enterprisewide view of cybersecurity.

While general counsel and chief legal officers may play a leading role in cybersecurity and data privacy planning, they often do not have the final say, according to the report. Only 17% of respondents indicated the general counsel or chief legal officer oversees their company's cybersecurity and data privacy functions.

Many of the respondents indicated their companies have separate data privacy and cybersecurity functions. In those situations, 45% of respondents indicated the general counsel or chief legal officer oversees the data privacy function but not the cybersecurity function. The inverse of that is rare with only 1% of general counsel or chief legal officers overseeing cybersecurity and not data privacy.

The report surveyed 586 law departments across 36 countries and 20 industries.