Cybersecurity took center stage in 2017, following a slew of cyber breaches on major companies, including those in highly regulated industries.


As the likelihood of cyberattacks increases, risk management professionals are likely to see more, not less, of this problem in the next year.


"It is clear that not only are cyberattacks of the utmost importance to the success and reputation of companies, but also that boards and management are now reliant on the legal industry to help their organizations manage and respond to cyber threats," wrote ALM Intelligence senior analyst Daniella Isaacson earlier this month.


As such, here are four lessons that companies can, and perhaps should, take away from this year:


1. Do the breach due diligence you need to. Former Yahoo general counsel Ron Bell this year learned a hard lesson after an independent investigation of Yahoo's disclosed 2014 data breach revealed that the company "did not sufficiently pursue" information about the breach. A U.S. Securities and Exchange Commission filing found that the "2014 security incident was not properly investigated and analyzed at the time and the company was not adequately advised with respect to the legal and business risks associated with the 2014 security incident," which may have resulted in the massive price reduction in the company's sale to Verizon.


Bell resigned just before the SEC filing, raising questions about whether general counsel are likely to be held responsible for data breach handling. As Edward McAndrew, a partner at Ballard Spahr and co-leader of the firm's privacy and data security group, previously told us, "In-house counsel are often best positioned to play leading roles in cyber-incident response, but they are often on the sidelines. And that's not a viable model anymore for anyone who wants to keep their job."


2. Being too self-protective doesn't always play well with the public. After Equifax Inc. disclosed its massive data breach this year, details of the company's legal strategy and financial handling of the breach spilled out and drove a whole added layer of public rage. News that Equifax executives sold their stock before publicly disclosing the breach not only provoked investigations from the SEC and Atlanta's U.S. Attorney's Office, but also stoked public distrust of the company.


The company was also highly criticized for a mandatory arbitration clause nestled into the fine print of the website it set up to help users identify if they'd been affected by the breach. Although the company quickly sought to clarify and change the terms of the clause, the clause provoked an outpouring of social media criticism. The company sought to take advantage of the time before a Consumer Financial Protection Bureau rule that would bar class action waivers from arbitration agreements in the banking and finance industries takes effect in May, but as Scott Nelson of Public Citizen wrote for the group's Consumer Law & Policy blog, "the fact that the compliance date hasn't arrived is no reason for Equifax to foist another injustice on people already facing injury as a result of its security failures." The move didn't play well with customers, and likely invited further class action litigation.


3. Don't try to cover your tracks. Trying to deal with cyber breaches quietly without notifying anyone might seem like an attractive idea, but Uber Technologies Inc. may have learned that lesson the hard way in its attempt to cover up a 2016 breach into the personal information of both customers and drivers for the ride-hailing service. Not only is it fairly unlikely that cover-up strategies will succeed (digital transactions and communications tend to leave a paper trail), but cover-ups are likely to prompt regulatory and federal scrutiny.


Bradley Arant Boult Cummings partner and cybersecurity and privacy team leader Paige Boshell previously told us that government investigations are more likely if cover-up actions are disclosed. "The likelihood of a congressional hearing is much higher due to the subsequent actions than it is for the breach," Boshell said. She also noted that penalties in each of these states and local inquiries are likely to be higher because of Uber's handling of the breach.


4. Invest in your cybersecurity infrastructure and programming. Although companies are increasingly of the mind that cyber breaches are going to happen no matter what technology and processes are in place, being responsible about cybersecurity is probably the best way to avoid scrutiny altogether. Making sure that you have anti-virus protections, firewalls, secure connections, passwords with two-factor authentication and that employees have a good sense of how to avoid phishing attacks are all great precautions to have in place. Regular penetration testing can be helpful in getting a sense of your data security program's strengths and weaknesses, and what data may be left vulnerable to attack.


Gabrielle Orum Hernández is a reporter with Legaltech News and the Daily Report covering legal technology startups and vendors. She can be reached by email at [email protected], or on Twitter at @GMOrumHernandez.
