Bill Hewitt, CEO of Exari
For years, lawyers have worked hard to create contracts that reduced business risk and provided for equitable and fair treatment between partners. In recent years, however, a new threat has emerged: the “cyber-liability”.
Any company that has lived through a hacking event knows it can damage your reputation, turn away customers, spawn lawsuits and negatively impact your market value. So how do companies deal with this new risk?
One way is to buy cyber-insurance. Yes, it exists. It’s an extension of Errors & Omissions (E&O) insurance that has been around for years. Initially called “network security,” it’s evolved to cover not only network infiltrations but the loss of private information within a company’s control.
Insurance is one thing, but how can companies better protect themselves through their contracts with customers and suppliers?
More and more, companies are adding clauses to their supplier contracts to protect themselves from their partner’s exposure to a privacy breach. Typically this puts the vendor on the hook for any breach that has a direct and material impact, such as loss of company information, confidential data related to other parties and potentially customer information. For example, a shipping company may have access to a supplier’s systems to receive shipment information. If a hacker uses the shipping company’s network to get to the supplier’s systems, the shipping company could be in material breach and forced to pay damages.
In addition to extending privacy protections, companies can also force suppliers to demonstrate they have secure systems as part of their contractual obligations. This is often in the form of a security audit or “penetration” testing to uncover vulnerabilities in the system, such as inadequate restrictions on loading executable files or weak password protection systems. Some companies are requiring annual certifications as part of their contracts.
In addition to these layers of security, companies can also regulate how they interact with vendors. A large global bank uses a secure email system that keeps the recipient from copying or forwarding emails and erases them after 48 hours. In order to do business with them you must use this system.
Protecting your critical digital assets is no longer an issue just for companies with consumer data; it’s a real risk for all companies. Every company should view their contract assets as a risk control mechanism against all enemies, real or imagined.
About the Author
Bill joined Exari in 2015 as Chief Executive Officer, responsible for the company’s vision, strategy and business operations. Bill has a strong track record of growing technology companies, including Kalido, where he served as President and CEO; Novell, where he served as President of Asia Pacific and Chief Marketing Officer; and market leader PeopleSoft and Hyperion Software. Bill began his career at IBM, where he spent ten years in sales, marketing and executive management. Bill holds a BS degree in business administration from the Boston University School of Management.