Norton Rose Fulbright's 20th Annual Litigation Trends Study finds that cybersecurity and data protection are currently most at risk and the most concerning this year in retail, consumer markets, and the food and beverage industry. Ranked in the field.
Disputes related to AI, regulation, and ESG were also reported as important areas of exposure. The report gathered responses from more than 400 general counsel and in-house litigation leaders across the U.S. from a variety of industries, including nearly 100 respondents from the retail, consumer markets, and food and beverage industries. It turns out that there is.
Cybersecurity and data privacy remain the most significant risks
40% of respondents will experience some type of litigation in this area in 2023, reflecting a significant increase from 2022 (33%), and 44% of respondents will see it as their biggest fear in 2024. cybersecurity litigation, leading all other litigation categories.
With cyber-attacks and tightening regulations on the rise, the study found cybersecurity and data privacy to be the main sources of conflict and expected risk over the past few years. Interestingly, however, respondents also pointed to a new source of cyber risk this year: the legal costs associated with expanded data collection and retention.
One respondent said this expanded data “will make litigation even more painful because we will have to sift through large amounts of potentially irrelevant data.”
Risks in the retail, consumer markets, and food and beverage sectors are expected to continue to increase. In addition to the SEC's cyber incident disclosure requirements, several additional states have enacted or implemented cyber and data privacy laws to reflect these risks, including Texas, Tennessee, Montana, Indiana, and Rhode Island. We are updating existing laws.
This growing patchwork continues to challenge compliance across jurisdictions, while also increasing the number of sources of exposure if something goes wrong.
Best practices for mitigation continue to be:
- Ensure the use of tools to regulate, restrict and monitor access.
- Ongoing training of all staff, particularly on phishing and social engineering.
- horizon scan.
- Continuous improvement process including auditing and control testing.and
- Increase vigilance with external vendors, including reviews and audits, certifications, and ensuring upgraded security as needed.
AI poses challenges
After cybersecurity, a new concern expressed by respondents is the proliferation of AI. Respondents revealed that they have a love-hate relationship with AI.
Meanwhile, respondents cited AI technology as a factor in increasing cyber and intellectual property risks. On the other hand, respondents want outside counsel and other service providers to use generative AI to increase efficiency and reduce costs.
Additionally, President Biden's Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence, issued in October 2023, indicates the intent to regulate AI technologies in the United States, and therefore the regulatory focus on AI. The rise in the market is a foreshadowing of future risks.
U.S. companies should expect more regulatory activity regarding AI in 2024, including state intervention following data privacy patterns. For example, the California Legislature is currently debating significant restrictions on AI technology.
Retail, consumer market, and food and beverage companies should adopt and maintain internal policies and procedures regarding the use of AI that are consistent with the establishment of a voluntary framework and the possibility of imposing mandatory or de facto compliance. Continuously tracking regulatory and litigation developments is essential. Requirements for each.
regulatory investigation
Regulatory research continues to be on the minds of respondents, with 41% of retail respondents, 47% of consumer market respondents, and 35% of food and beverage respondents saying their We expect our exposure to increase in 2023.
The federal government and many state agencies are increasingly focused on cyber and data privacy, with technology becoming nearly ubiquitous in every aspect of these areas, from online marketplaces to payment processing to targeted marketing and advertising. It focuses on consumer protection issues arising from its use.
While it remains essential for companies in these sectors to have robust consumer protection policies and procedures in place, now more than ever these policies are aligned cross-functionally and reviewed holistically across the enterprise. is important.
ESG continues to pose risks and DEI will be the key unknown in 2024
The focus on ESG, corporate social responsibility, sustainability, and DEI continues to grow in importance, with 1 in 10 respondents experiencing ESG-related litigation in 2023; It was only 2%.
Anti-ESG sentiment is also a prominent source of risk as organizations find themselves caught in the middle. However, only 29% of respondents expressed concern about anti-ESG regulatory pressures, suggesting that respondents are feeling weak about the mettle of anti-ESG advocates.
Beyond this heated political battle, the risk of greenwashing continues to raise concerns for in-house lawyers, with 54% of all respondents saying that an increase in environmental disputes will be driven by greenwashing and false advertising claims in 2024. I predict that.
The SEC's recently approved climate change disclosure rules (despite pending legal challenges) include California's SB 253 (climate emissions disclosure), SB 261 (climate-related risk disclosure), and AB 1305 ( This risk may become even more severe when considering emissions disclosure). carbon neutrality claims and demonstration of use of offsets). There has also been an increase in private class action activity based on false advertising of the green attributes of products and services.
Finally, following the U.S. Supreme Court's affirmative action ruling, a new risk issue has entered the discussion. The ruling prompted legal challenges to his DEI policies and procedures from a variety of organizations and institutions in employment, recruitment, procurement, and other areas.
It remains to be seen how successful these challenges will be, but 42% of all respondents
DEI leads all social considerations in warning as an area where conflicts are expected to increase, closely followed by human rights (41%) and labor rights (36%).
That could be the case in 2024, specific to the retail, consumer markets, and food and beverage sectors. Several states have passed legislation requiring companies to disclose information about their supply chain impacts and plans to mitigate these issues. Businesses should closely monitor these developments, reviewing existing policies and procedures and preparing to create new policies and procedures as legal challenges and laws evolve.
Looking to the future
Unfortunately, there are no easy answers to this growing trend of conflict. Companies must not only balance investor demands with the potential for brand damage and reputational impact, but also align risk appetite across internal stakeholder groups. Investing in preventive measures can yield positive results, but it comes at a significant cost and time. Also, the situation is constantly evolving, so vigilance is required.
