The risk radar of a general counsel is understandably in constant motion. The COVID-19 pandemic still impacts the way businesses operate. And against that backdrop—in which public health and the global economy are at stake—general counsel need to prepare for and act on a broad array of challenges as they continue to forge ahead.
Considering the evolving legal, financial and operational challenges all organizations face, there is a broad array of topics to explore. This article highlights five critical areas that continually affect all industries:
- Cybersecurity, Data Privacy and Trade Secrets
- Employee attraction and retention
- Environmental, Social and Governance (ESG)
- Russia and its invasion of Ukraine
The risks discussed are often interconnected, but do not comprise a complete list. By calling attention to them and providing insight from leaders in the field, we intend to make this useful to the broadest possible group of general counsel and enable them to better protect their organizations.
Cybersecurity and Trade Secrets
Cybersecurity was already a top priority for companies before 2020, and the pandemic clearly exacerbated that risk, largely attributable to a quick shift to remote and hybrid work.
A November 2021 report published by Arctic Wolf surveyed more than 1,400 business leaders and IT decision-makers across the United States, United Kingdom and Canada. Of the companies who adopted hybrid work models, 74% of executives were not confident that their in-house IT and security teams had the capability or expertise to prevent cyberattacks, and 60% said that they believed their employees could not identify an attack in any work location.
Transcat, one of North America’s largest and leading calibration and compliance services providers, cannot risk any breach. That is why, in addition to safeguarding its products, the Rochester, New York-headquartered company also keeps its employees on alert.
General Counsel and Vice President of Corporate Development Jim Jenkins said he works with outside cybersecurity counsel to protect the company. They perform threat identification tests through firewalls and have monitored and prevented breach attempts by Russia, North Korea, China, Iran and others as well as within North America.
Internally, he approaches cyber differently, and by the time of publication he will have initiated an unannounced, full-scale simulated ransomware attack to gauge employee reactions.
“We test our people to make sure they are prepared if something like that occurred,” Jenkins said. “We’re going beyond phishing, and we’ll say we’ve been attacked—that we’ve been hit with ransomware and will shut the systems down. We have to make sure our people know the right protocol in these situations, because it’s not always a matter of ‘if,’ but ‘when.’”
More than 2,700 miles west from Jenkins’ base of operations, Jeffrey Bleich shares a similar concern not just for his employees, but for his fleet, which is the nucleus of his company.
When Bleich joined Cruise as its chief legal officer in 2020, he knew that keeping the California-based company’s fleet of autonomous vehicles protected from digital invaders would be perhaps the most critical task.
He said leadership already imagined “doomsday scenarios” in which another actor could breach the driverless car’s security and remotely control it. The cars need to withstand a jackware attack, which enables the hacker to take control or shut down over all or part of the operational functions of a physical device, piece of equipment or machine. Cruise even went so far as to hire a hacker who had breached another automaker’s driver assist system to test their own capacity.
“We built our entire infrastructure around those sorts of strategies, ensuring that not only is ours a very difficult system to penetrate, it’s extremely hardened,” Bleich said. “It is atomized, which means even if you get into it, you only get one tiny piece of the puzzle, so it doesn’t allow you to do very much and will go into a degraded state. The vehicle will recognize if it is breached, pull over and stop, and won’t allow an external source to control its operations.”
General Motors clearly saw the potential in this multilayered development strategy. In March 2022, the automaker acquired another equity fund’s ownership stake in Cruise for $2.1 billion and announced an additional $1.35 billion investment in the company.
The need for protecting the company’s secrets is also keeping legal officers up at night. Bleich and Jenkins stressed the need for protecting their respective companies’ intellectual property (IP), which are in the billion-dollar ranges.
Bleich said companies certainly should reinforce among departing employees the need to honor confidentiality and non-disclosure agreements. But protecting the organization’s IP should not be limited to known employees and traditional competitors.
“Particularly in a global race, you’re not just looking at your immediate competitors, you’re looking at countries that don’t have the same respect for intellectual property rights,” he said.
This perspective was shared by the U.S. Department of Justice (DOJ), which has been kept busy by international actors, some of whom have even resorted to old-fashioned physical infiltration as well. In the first half of 2022, several high-profile verdicts, sentences and consequences were announced regarding trade secrets, including:
- In March, the two founders of JHL Biotech, a biopharmaceutical startup in Taiwan, were sentenced to 12 months of imprisonment, followed by 36 months of supervised release after they were found guilty of conspiring to commit trade secret theft and wire fraud in 2021. The former C-suite executives had obtained and possessed confidential, proprietary and trade secret information from Genentech, through former and existing employees of the latter company.
- In May, a former chemist who had worked for Coca-Cola company was sentenced by a federal judge to 14 years and ordered to pay $200,000 for stealing trade secrets from the soda maker for a Chinese government-supported company. The DOJ valued the secrets, which involved bisphenol-A-free (BPA-free) coatings for the inside of beverage cans, at nearly $120 million to develop.
- Also in May, a Circuit Court for Fairfax County, Virginia awarded Appian, a locally based automation company, $2.036 billion in damages from Pegasystems Inc. for trade secret misappropriation. The award is believed to be the largest of its kind in state court. The jury also found that the defendant, a major software company, violated the Virginia Computer Crimes Act and its misappropriation of Appian’s trade secrets to be willful and malicious.
Christina Ayiotis, a founder of the Cybersecurity Law Institute and a former deputy general counsel, said the result could have been even higher if Appian had been awarded the $3 billion-plus its expert calculated Pegasystems’ unjust enrichment to be.
“The amount may seem large,” said Ayiotis, who was not involved in the case. “But it should be seen in the context of the wider growth of the Robotic Process Automation/Business Process Management software sector and its importance to the digital transformation efforts of all organizations, especially in the public sector market inside the Beltway.”
The Economic Espionage Act of 1996 covers “theft of trade secrets” allowing for penalties up to 10 years in prison and $5 million in fines, or both. But even the threat of prison time was not enough to keep bad actors from scratching the trade secrets itch.
“I certainly hope the facts of the case and the size of the verdict will impact the leadership of all major organizations, including their legal departments,” Ayiotis said. “The message being sent is ‘protecting intellectual property and especially trade secrets, is important.’ This means information governance, cybersecurity and vendor management are critical business functions that should be prioritized and enabled.”
The impact of rising inflation continues to be felt by individuals and organizations across the United States. Each company will take a different approach to constantly rising costs in an effort to remain operational and profitable. Reducing expenses is often the first way to offset increasing costs. Jenkins noted that, for example, fee arrangements with outside counsel need to be revisited.
“The law firms that provide services for me do a very good job,” he said. “And I hated to tell them, but some have had to come up with a better way to handle their expense issues than billing me a lot of hours at higher rates. I’ve pushed back on that often and frankly I’ve been very happy with the firms I’ve worked with who were willing to collaborate with me.”
Another option is to increase pricing of goods and services. Lawrence Greenberg, SVP & chief legal officer at stock market research company The Motley Fool and Venture Partner at Motley Fool Ventures, said that move has benefits and drawbacks.
“Obviously, in an inflationary environment, passing on your higher costs to your customers is an option,” Greenberg said. “But it’s never something that makes customers feel better about you.”
Perhaps it is when the corporate gaze turns toward staff that things can get uncomfortable for both sides. Even positive acts might not have the impact they would have had just a few years ago.
As of June 2022, the rate of inflation has outpaced nominal wage growth for 14 straight months. The BLS reported that the Consumer Price Index for All Urban Consumers (CPI-U) increased 8.6% from June 2021 to June 2022, before seasonal adjustment, the highest reading since December 1981.
“Your employees might feel that they’re taking pay cuts [amid rampant inflation], even when they’re not,” Greenberg said. “Our first priority is to make sure that we can keep the people that we need because we don’t want to have to lose them because of rising prices, and that harkens back to our desire to reduce other expenditures. At some point, and I don’t know where that point is, salaries will almost certainly have to rise.”
Supplementing the issue of rising inflation is, as Greenberg noted, the ability to attract and retain the best and brightest employees. The Great Resignation has evolved into the current, nuanced job market described as the Great Reshuffle. Rather than simply quitting without a backup plan, workers are exhibiting the trend of leaving their jobs to update the trajectory of their careers in a way that may be more lucrative and offer better benefits or even provide more personal fulfillment. This post-pandemic phenomenon has driven widespread organizational change in a short amount of time.
The 2022 Health at Work report from Quest Diagnostics surveyed 423 human resources benefits managers and executives with decision-making authority (HREs) and 846 office workers (employees) in the U.S. at companies with 100 workers or more.
Among the two-thirds of the employees considering a job change, aside from the desire for better pay (50%), the top reasons cited were better benefits in general (38%); better healthcare benefits, specifically (36%); and work-life balance (36%).
“The employees of the world right now, I think, have some significant leverage over the course of the pandemic that I don’t think anybody anticipated,” Jenkins said. “It’s been pretty eye-opening because I think as an employer, you love to talk about how the most important asset are your people. We learned in 2020 and 2021, and even now that it cannot be lip service.”
With board and C-suite leaders increasingly focused on human capital management, general counsel need to uncover important employee injury trends and communicate the connection between employee wellbeing and long-term business success.
“I believe that starts at the top, and our CEO wanted to accommodate employees with flexible work schedules, hazard pay bonuses during the early days of COVID-19 for people who were out in the field and periodic vaccination drives,” Jenkins said. “We’ve had the mindset of doing the right thing for our people. They’ll take care of our customers, which ultimately means that we will all end up doing the right thing and make money for our shareholders.”
Environmental, social and governance (ESG) issues have transcended boardrooms and are now part of the mainstream dialogue. Boards are turning to ESG to better align their processes and priorities with topics that matter to their stakeholders. While not everyone has a seat at that table, their actions are documented—and sometimes leaked—and the decisions a board makes and the way in which it operates are being more heavily scrutinized by employees, media and the general public.
In its 2021 Annual Litigation Trends Survey, Norton Rose Fulbright found that concern over ESG issues grew significantly among corporate counsel. Of those surveyed, 37% said they were more concerned compared to 21% who said so in 2020. Companies in the energy and finance sectors expressed the strongest interest in ESG topics, with climate change and carbon neutrality being frequently mentioned.
According to Cruise’s Earth Day 2022 statement, of the nearly 900,000 autonomous miles its cars drove in 2021, not one added to CO2 emissions, and all were powered by totally renewable energy. The company calculated that statistic offset nearly 229 metric tons of CO2 emissions.
Though it may be a publicly facing humble brag, Bleich said that the ESG strategy is at the heart of Cruise’s mission, particularly now that it has gone commercial. The company received the first-ever Driverless Deployment Permit granted by the California Public Utilities Commission, which allows ride hail service in San Francisco—the first of its kind in a major U.S. city.
“The new technology in AI and the automotive industries will have such a large social impact, which is why I think you have to establish from the beginning that you’re going to be a solid corporate citizen,” Bleich said. “Then it’s not simply about returning value to shareholders. You’re committed to your employees, to your customers and to the communities in which you operate. And if you aren’t thinking in those terms, you’re not going to be successful in this space.”
Accountability and good governance are also at the heart of ESG practices. Corporate lawyers should take note of the derivative lawsuit brought by Boeing shareholders against the commercial jetliner manufacturer in the Delaware Court of Chancery, which in March 2022 approved a landmark $237.5 million settlement.
In re Boeing Company Derivative Litigation stemmed from the tragic and high-profile catastrophic crashes of two 737 MAX jetliners in 2018 and 2019 which claimed 346 lives. Plaintiffs claimed the board breached their oversight duties by not upholding their ESG responsibilities leading to fatal airplane safety issues that ultimately proved fatal.
The Boeing case was a good reminder of the importance of ESG and a professional and engaged board. Though we live in a world where Tesla Motors CEO Elon Musk can tweet a dismissal of the practice of ESG and influence the beliefs of millions, corporate counsel would do well to embed the core values of their companies into their enterprise-wide strategies.
Jenkins also noted that ESG initiatives were highlighted as Transcat increased the number of its labs in the U.S. and Canada and recently in Ireland. Diversity, equity and inclusion (DEI) efforts, he noted, were also being actualized in the boardroom.
“We have spent considerable time increasing diversity in our board,” he said. “We have a lot of board members who have, or will, age out and we have actively replaced them with either persons of color or diverse backgrounds or gender diversity. It was important that we didn’t do it for the sake of doing it. We recruit diverse board members in a respectful manner and we have found people who have fit our needs. Some of the people we invited did not know it was a paid position, which was a bit of an eye-opener on both sides.”
Russia, like COVID-19, has become a discussion point among many of the aforementioned areas—particularly cybersecurity and ESG. The invasion of Ukraine caused the U.S. and other governments to impose sanctions on Russia, but compliance with the new and increasing sanctions can be difficult for some companies who might have already had long-term or strategic goals in the country. Russia is, after all, a G20 economy, with a central role in the global trade of agricultural, energy and mineral commodities.
For example, Russia and Ukraine supply nearly one-third of global wheat exports, one-fifth of the world’s corn supply and 80% of global sunflower oil exports, according to SupplyChain247.com. Additionally, Europe receives a quarter of its oil and more than a third of its gas from Russia. Statista reported that despite the volume and value of Russian fossil fuel exports decreasing since the invasion of Ukraine in late February 2022, Russia was still generating around 40% more off its exports of oil, gas and coal in May 2022 than it did one year earlier.
By controlling these commodities, Russia possesses modest leverage over certain consumers who might not have other options for their oil and certain foods.
The U.S. and other nations have tried to soften the impact on organizations, while also making clear to organizations that they will enforce their measures and absorb the costs on their economies. The International Trade Administration stated in 2022: “While U.S. companies and individuals can lawfully engage in a broad range of business activities involving Russia that are not subject to sanction, penalties for violating U.S. sanctions can be severe.”
Even if a company lawfully engages with Russia, social responsibility advocates are monitoring activity in the region. For example, the Yale School of Management’s Chief Executive Leadership Institute has produced an ongoing list of international companies that have indicated they would curtail operations in Russia to some degree beyond the bare minimum legally required by international sanctions. The list names the companies and details their level of activity (or how completely they withdrew), giving each of the 1,371 companies (as of June 13, 2022) a ranking of ‘A’ through ‘F’; the top grade was given to those completely halting engagements or completely exiting, while the bottom grade reflects those companies that have continued to operate in Russia undeterred. A failing grade on this list for an extended period of time might go viral on social media, drive down a stock price or cause a mass exodus of a company’s own employees.
With regard to cyber threats from Russia, the White House has issued several releases and stresses:
- Educating employees to common tactics that attackers will use over email or through websites
- Encouraging workers to report if their computers or phones have shown unusual behavior, such as unusual crashes or operating very slowly; and
- Engaging proactively with your local FBI field office or Cybersecurity & Infrastructure Security Agency (CISA) Regional Office to establish relationships in advance of any cyber incidents.
Legal officers should lead their company’s charge and collaborate with department heads to do their due diligence and screen any third party with any possible connection with Russia to establish whether they are designated under different sanctions regimes. This will help ensure compliance with evolving sanctions and reduce geopolitical risk.
Amid all the chaos, there is a human factor to consider as well, which Jenkins experienced first-hand. Transcat had contractors in Ukraine, but as the warning signs of Russian invasion loomed over the country in February 2022, those coders and the company had to mutually part ways.
“Through their assistance, the contractors in Ukraine actually found us some help both in Ireland and in the U.S. and handed the work off to them,” he said. “Sadly, I think several of them dropped their computers and software coding programs and picked up a rifle. We tried to do everything we could to help them, but at their insistence they could not continue. They had other priorities, which we certainly understood.”
As the world grows more interconnected, so do its risks. This is especially true in business and law, which is why the general counsels are so critical when considering safety, operations and profitability.
Furthermore, now that remote and hybrid work has become embedded in the corporate culture of the U.S., the role of the legal officer has become more challenging. By enhancing their focus on the areas above—as well as others like worker health and safety, extreme weather preparedness and insurance coverage—in-house counsel and legal departments will connect even more dots and be able to help their leadership survive and thrive in 2022 and beyond.
Justin Smulison is a professional writer who regularly contributes to Best Lawyers. He was previously a reporter for the New York Law Journal and also led content and production for the Custom Projects Group at ALM Media. In addition to his various credited and uncredited writing projects, he has developed global audiences hosting and producing podcasts and audio interviews for professional organizations and music sites. JustinSmulison.contently.com