Lawyers have an unfortunate reputation for being lackluster stewards of technology. But inside of corporate legal departments, a shift is happening that finds many in-house attorneys charged with playing a significant role—and in some cases managing—their organization’s cybersecurity infrastructure.

The change comes as the legal risk around breaches and the handling of data continues to grow thanks to a widening international net of regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Businesses are now more wary than ever that what they do or fail to do with regards to cybersecurity can return to haunt their bottom line or even wreak irreversible damage to their public reputation.