A general counsel is awoken from a peaceful sleep late one night and informed that their organization’s network has been taken hostage by ransomware. The C-suite and other key stakeholders are notified. Someone rallies the IT department. Cyber forensics experts may even receive some outreach. But when does outside counsel get a call?

Answers may depend on whom you ask. The State of Industry Response Survey 2021 assembled by Kroll, Red Canary and VMware Carbon Black showed that 47% of the 500 security and risk leaders surveyed—each from organizations exceeding $500 million in revenue— felt their teams lacked clarity around when to engage legal counsel about a potential incident.