Story image

Legal tech profession has its head in the sand over China’s new cybersecurity law, survey finds

01 Mar 2017

China’s new cybersecurity law may have passed three months ago, but 75% of legal technology professionals aren’t even familiar with it.

Those statistics come from a survey conducted by global legal consulting firm Consilio, which surveyed 118 legal tech professionals at a conference in New York last month.

The new law, which be enforced from June 2017, will require all organisations doing business in China to localise their data in the country. This includes data that may contain sensitive information or state secrets.

The survey found that only 14% of respondents are ‘very concerned’ about the new law.

Those organisations that don’t comply will be liable for financial penalties, including a ban from conducting business in Mainland China, or even criminal penalties, imprisonment and the death penalty for extreme cases. 

57% of respondents said that in the last two years, they had at least one legal matter such as government or internal investigations, litigation or M&A which had ‘touched’ China in some way. 

27% said they knew of at least legal matters involving China and their own organisations in the last two years. 8% had between five and nine matters; 22% had between one and four matters; and 25% said they had none.

“China is now the world’s second largest economy, and for global corporations and those that aspire to be global, it is critical for them to have a full understanding of the data requirements and regulatory landscape of that region,” says Dan Whitaker, Consilio China’s managing director.

“Since 2012, cyber walls have been going up in multiple regions around the world, and as countries continue to create new regulations, organizations must continually educate themselves on the quickly evolving nuances of data privacy laws in every jurisdiction, specifically as it relates to the ability to move data in and out of the countries in question,” he explains.

24% of respondents said they were ‘somewhat familiar’ with the new law, while only 2% said they were ‘very familiar’ with it.

Despite the unfamiliarity with specifics, 52% respondents said they have at between 1-25 legal resources and/or people dedicated to international data privacy regulations and compliance. 14% have no individuals assigned.

Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.
McAfee announces Google Cloud Platform support
McAfee MVISION Cloud now integrates with GCP Cloud SCC to help security professionals gain visibility and control over their cloud resources.
Why AI and behaviour analytics should be essential to enterprises
Cyber threats continue to increase in number and severity, prompting cybersecurity experts to seek new ways to stop malicious actors.
Scammers targeting more countries in sextortion scam - ESET
The attacker in the email claims they have hacked the intended victim's device, and have recorded the person while watching pornographic content.
Cryptojacking and failure to patch still major threats - Ixia
Compromised enterprise networks from unpatched vulnerabilities and bad security hygiene continued to be fertile ground for hackers in 2018.
Princeton study wants to know if you have a smart home - or a spy home
The IoT research team at Princeton University wants to know how your IoT devices send and receive data not only to each other, but also to any other third parties that may be involved.
Organisations not testing incident response plans – IBM Security
Failure to test can leave organisations less prepared to effectively manage the complex processes and coordination that must take place in the wake of an attack.
65% of manufacturers run outdated operating systems – Trend Micro
The report highlights the unique triple threat facing manufacturing, including the risks associated with IT, OT and IP.