As general counsel take on more responsibility within their companies, there are sure to be a number of challenges that are top of mind. But what are the concerns that rank highest for today’s GCs?

A report from ALM Intelligence and Morrison & Foerster, unveiled Thursday at the 17th annual SuperConference, a gathering for in-house counsel and other legal professionals in Chicago, aims to answer just that question. The inaugural “General Counsel Up-at-Night” report looks at responses to an online survey conducted in spring 2017 from more than 200 U.S.-based general counsel and other in-house legal decision-makers.

The results reveal that the most pressing challenges faced by respondents are: regulations and enforcement; privacy and data security; risk and crisis management; litigation; and intellectual property. Among these, the biggest concerns are regulations and enforcement, with 74 percent of respondents identifying this as a very important challenge, followed by privacy and data security with 65 percent and risk and crisis management with 63 percent.

Bob Bostrom, senior vice president, general counsel and corporate secretary at Abercrombie & Fitch Co., said he’s not surprised these issues ranked as top concerns for general counsel, especially reputational risk and regulatory uncertainty.

“Reputational risk is increasingly on my mind, and I think on the minds of many,” he said, pointing to recent headlines where an issue has suddenly become an “existential crisis” at companies such as Wells Fargo & Co. and Uber Technologies Inc. “I think increasingly, companies now are thinking of [reputational risk] not necessarily as a byproduct of an event, but something you need to think about every day,” he added.

As for regulatory issues, a big concern is monitoring changes coming out of Washington, D.C., Bostrom said, and enabling the business to react to new developments. “What kind of keeps me up at night is not knowing what’s going to happen and when and what the implications are going to be for our business,” he said.

Sterling Miller, former general counsel to Travelocity and Sabre Corp. and now a lawyer at the firm Hilgers Graben, agreed that regulations and enforcement may be concerns becoming more important to those in the legal department. “What in-house counsel really want most of all from the government is consistency,” he said. “When things get thrown up in the air and you don’t know what regulations are going to be in effect … and how are they going to be enforced, now you have a lot of gray area. I can see that weighing heavily on in-house lawyers’ minds.”

Some 39 percent of respondents to the survey cited regulatory uncertainty as a primary obstacle when it comes to managing regulatory and enforcement matters.

Despite identifying the most pressing challenges for GCs, however, the survey showed some disparity between the amount of time focused on these issues versus their perceived importance. Respondents were asked to rate on a scale how important an issue was to them and how much time they spent on that issue. For privacy and data security the results showed a 22 percentage point difference between importance assigned and time assigned. For risk and crisis management, there was a gap of 17 percentage points.

Where stated priorities seem most in line with time spent is with respect to regulations and enforcement and intellectual property, with each having only a 4 percentage point difference between importance and time.

Disparities between time and importance ratings may come down to balancing what has to be dealt with now, versus problems that can be dealt with later, according to Miller. “I think those things where the gap is smaller are issues that are arising daily or weekly and have to be dealt with. The other things are more theoretical: Will we have a privacy breach? Will we have a crisis we have to manage?” he said. “It’s just a matter how do you best focus your limited resources on the things that need to be done and still try to find time to deal with these things that can be put off, so to speak.”

And practically speaking, it makes sense that the percentages might not always match up, said Bostrom, because even if data security is a top priority, for instance, “unless you have a data breach, you can’t spend [65] percent of your time on privacy and data security because nothing else would get done,” he said. A general counsel will have a hand in setting up protocols, adopting policies and engaging with relevant associates in the company, Bostrom added, “but once you’ve done that, it’s still a very high priority, but there’s only so much you can do.”

Other findings from the report include:

• Some 73 percent of respondents’ work was handled by the legal department. Twenty-five percent of the work went to outside firms and the remaining 2 percent was allocated to alternative service providers.

• When it comes to intellectual property matters, nearly 70 percent of respondents identified enforcement of IP rights as a challenge.

• Eighty-seven percent of respondents identified hacking/phishing/malware/ransomware as a current concern with respect to privacy and data security. This was followed by 62 percent who cited employee mistakes.