In-House Counsel’s role in boosting cyber security in Australia

In-House Counsel’s role in boosting cyber security in Australia is vital. Defining In-House Counsel’s role in cyber security for each organisation is vital. This ensures legal input can help shape the organisations policies and processes moving forward. In-House Counsel’s are not your security team. Learn more about their role in cyber security below from this Lawyers Weekly snapshot below. 


cyber security


  • In-House Counsel’s are not responsible for the implementation of technical standards to improve organisations cyber security posture. Rather their role is to monitor the legal risks and ensure that their organisation adheres to its legal obligations.
  • In-House Counsel’s should determine cyber security obligations, ensuring organisations can practically adhere to them in their policies and processes.
  • For organisations with an international presence, the complexity of compliance obligations increases, including complying with GDPR if based in Europe.
  • In-House Counsel’s role is evolving to include a commercial perspective on law application and interpretation, which requires an international view on data management (e.g. overviewing cloud based data management).


In-House Counsel’s are not your security team

A Unisearch expert has underscored it is not up to in-house counsel to be the cyber security team but outlined how they could strengthen their organisation’s cyber security measures.

Lyria Bennett Moses, director at UNSW Allens Hub for Technology, Law and Innovation, said ahead of the Corporate Counsel Summit 2023 that it is not the role of in-house counsel to implement technical standards to improve their organisation’s cyber security posture.

Rather, the legal department could monitor the legal risks to ensure that their organisation complies with its legal obligations.

“Now, what those obligations are, is going to depend on the nature and size of the organisation,” she told Lawyers Weekly.


In-House Counsel’s determine cyber security obligations

For example, in-house counsel would have to determine whether the organisation is obligated to comply with the Security of Critical Infrastructure Act (SOCI Act) as this carries its own risk management requirements, and as such, be involved to ensure compliance with the legislation.

Small-to-medium enterprises (SME) will most likely have to comply with the Privacy Act both in terms of their day-to-day handling of data and designing their plan of action if and when a data breach occurs, and how they would comply with their obligations under the notification regime, Ms Bennett Moses said.

For organisations that have an international footprint along with an Australian presence, she said the complexity of compliance obligations would potentially increase.

“We did a research project looking at regulation in the cloud sector,” she explained.

“If you work with an international cloud service provider and look at how you store data securely and your compliance obligations, it’s basically everything. You have to comply with GDPR if you’ve got a European base, along with complying with Australian laws.”

Alongside this, law departments must also be cognisant of state law if their customers are state governments, Ms Bennett Moses said.

“In some cases, not only do you have to comply with the legislation, but also separate procurement obligations that sit inside the government, often with different requirements from those governments’ own legislation,” she mused.

“If you want them to have government departments as your customers, you not only have to comply with the law, you have to comply with the separately worded obligations. That means a lot of organisations often have to do the same thing, but comply with 15 differently worded obligations relating to that thing.”

She also noted that one of the attractive features of the review of the Privacy Act is the idea of increased coordination and alignment between state and federal privacy legislation, which could reduce compliance burden.

Ms Bennett Moses’ comments preceded the Corporate Counsel Summit 2023 in May, where she and a panel of speakers will discuss what sector-specific cyber security obligations organisations need to be aware of, how to avoid contravening privacy laws, and how in-house counsel could collaborate with other departments in their business to improve cyber security measures.


Applying the law to your organisation

Joining her on the panel is Tala Bennett, partner and general counsel at Deloitte Australia, who told Lawyers Weekly that the function of in-house counsel is evolving to one that requires them to have a commercial lens on the application of the law.

“The legal team has to be across the legislative piece, but a broader role is to help craft their organisation’s policies and processes because you need to make it practical and applicable for your business,” she said.

“Taking the law and interpreting it properly so that it’s appropriate for your particular organisation is a key part of what we do. You have to be able to apply it to your own organisation, depending on the industry you’re in. That’s your job.”

Ms Bennett also encouraged law departments to look at international legislation around privacy, particularly regionally as well as in Europe.


Understanding international privacy laws

Having this international lens is important for organisations such as Deloitte, which has a global presence, she said.

“As we’re dealing with data going in and out of the country, especially as more organisations are offshoring services as well, it’s very important to have that international lens,” Ms Bennett said.

“The international legislative landscape is just one extra layer that needs to be understood. It can also be useful to understand what’s going on overseas because you can see what doesn’t work and what might be implemented going forward.”

To hear more from Lyria Bennett Moses and Tala Bennett about the role of in-house counsel in beefing up their organisations’ cyber security measures, come along to the 2023 Corporate Counsel Summit 2023.


About Greenfields Recruitment & Search

GREENFIELDS RECRUITMENT & SEARCH is a specialist in Head of Legal Executive Search, In-House Legal Counsel Executive Search, General Counsel Executive Search, Company Secretary Executive Search and Corporate Governance Executive Search & Recruitment firm.

We connect company secretary leaders with organisations who require company secretary services. Partnering with a diverse range of clients, from ASX listed organisations, non-listed organisations, multinationals, boutiques and not-for-profits across all industry sectors. Learn more about us here.


Submit a Comment

Your email address will not be published. Required fields are marked *

About Greenfields

Founded by Managing Director, Catherine Wolfe-Coote, Greenfields is a market leader in Legal, Company Secretary & Corporate Governance appointments. Having a capable, well-established team, we offer bespoke and agile services which do not fall into the traditional ‘agency’ or ‘head hunting’ categories.

We have a diverse portfolio of cross-sector clients including top ASX listed organisations, non-listed organisations, multinationals, small and medium size enterprises, and not-for-profits, making us well positioned to provide expert advice on remuneration, market trends and best practice across Legal, Company Secretary & Corporate Governance.

As a Diversity & Inclusion champion, we take pride in assisting organisations in achieving progressive goals. We strive to deliver balanced shortlists and adhere to robust policies on Diversity & Inclusion; Data Storage & Privacy; Workplace Health & Safety; Modern Slavery; and Environmental & Social Governance.

Known for our market knowledge, technical understanding, deep network and robust processes, Greenfields are regular contributors and sponsorship partners with the Governance Institute of Australia (GIA), the Association of Corporate Counsel (ACC) and the Australian Institute of Company Directors (AICD).

In-House Lawyers better placed to adapt to AI

In-House Lawyers better placed to adapt to AI

In-House Lawyers are better positioned for the adoption of artificial intelligence (AI) than private practice firms, according to legal influencer Alex Su. Learn why below from this article shared from Lawyers Weekly. THIS ARTICLE'S KEY TAKEAWAYS: Corporate or...

10 steps to increase Board Diversity

10 steps to increase Board Diversity

Board diversity, equity and inclusion (DEI) have become a top priority for boards due to the new guidelines from organisations and stakeholder pressures. There are 5 common barriers to board diversity and 10 ways to overcome these barriers. The following information...

Developing a global approach to sustainability reporting

Developing a global approach to sustainability reporting

Developing a global approach to sustainability reporting may require an adjustment to the local legal context when implementing global climate change reporting standards in Australia. Ensuring careful consideration with how climate disclosures interact with the...