General counsel should not be afraid to ask their technology departments tough questions about IT security, as this may raise a potential red flag on a range of issues. In an article for Lexology, discussing ten questions every general counsel should ask, David Katz of Nelson Mullins Riley & Scarborough LLP says one of these should be what percentage of the company's total IT budget is spent on data security. 'Too little money spent could appear to be a breach of fiduciary duty in the event of a data breach and too much money could be evidence of incompetence in the event of a data breach,' he said. He added that the aim is to understand the numbers and 'consider the spending in light of the size of the organisation, the nature of the existing legal and regulatory obligations of the organisation and the risk tolerances of the organisation.'