What CLOs Want CIOs to Know About Digital Risk

Modern chief legal officers are responsible for navigating an intricate regulatory landscape, geopolitical uncertainties and rapid technological advancements, all while fielding a range of legal issues, including a growing volume of complex litigation and investigations and data challenges. As they address these nuanced and evolving digital risks, CLOs increasingly need the support and partnership of their organization’s chief information officers and IT leaders. 

The ACC CLO Survey revealed numerous trends and developments that indicate a need for increased collaboration between legal and IT departments. The top takeaways for improved CLO and CIO collaboration include the following. 

Siloes between legal and IT

This year, fewer CLOs said that increased collaboration with IT would improve business outcomes than in previous years. One interpretation of this finding is that it suggests a widening gap between the two departments — an issue that many legal operations, e-discovery and information governance experts have observed in practice. 

Disconnect between the CLO and CIO stands counter to an organization’s ability to effectively address data-related challenges and mitigate risks across the many areas for which legal is often responsible: litigation readiness, e-discovery, regulatory compliance, investigations, data privacy, legal department technology transformation, etc. CLOs must understand the importance of strong collaboration with IT, and likewise, IT must understand the many ways their approach and decisions may impact the legal and regulatory obligations of the company. 

Digital risk readiness 

One-third of CLOs report being significantly more prepared to handle data-related risks compared to three years ago. While this represents notable progress, it also indicates that approximately two-thirds of organizations remain insufficiently prepared or have yet to make substantial advancements toward readiness. Where preparedness improved, these gains were due to an increased recognition of data-related risks, as reported by 92% of CLOs this year. 

Additionally, CLOs reported proactive measures their organizations have taken, which include implementing technology solutions (52%), developing comprehensive data management strategies (41%) and hiring dedicated data privacy or compliance officers (17%). When asked what steps they have taken to improve compliance, data privacy and legal defensibility, 41% of CLOs said they have implemented a comprehensive data management strategy. 

These figures underscore the importance of proactive attention to addressing digital risk through robust information governance, privacy and security programs. The findings underscore the necessity for legal, IT, compliance, privacy and related departments to collaborate efficiently in formulating governance strategies that are both robust and adaptable, enabling ongoing enhancement in response to the evolving data landscape. 

Data complexities are driving challenges and cost in litigation and investigations 

Forty-two percent of CLOs report increased volume of litigation and 44% have seen external investigations increase. Regarding complexity of these matters, 38% say litigation is more complex; 31% said the same of internal investigations and 21% said so of external investigations. This complexity is translating to higher costs, with 60% of CLOs noting their organization has experienced increased litigation costs. 

Regulatory enforcement action impacted 23% of organizations over the past year, according to CLOs surveyed. Respondents expressed the greatest concern with industry-specific regulatory enforcement (72%), followed by labor and employment-related issues (37%) and third-party risk management enforcement (35%). Larger companies were more worried about AI regulatory enforcement (26%).

With data directly affecting outcomes and challenges in disputes and investigations, CLOs need to place greater emphasis on reducing their digital risk. For maximum impact, this will require the IT department’s understanding and buy-in regarding how data practices exacerbate cost and complexity within legal processes, and close collaboration between the two groups to effectuate long-term improvements. 

Related topics:

The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.