We’re living in the brave new world of big data. It’s here, it’s real and it’s already changing our lives in awesome ways. With all of its potential, though, comes the fear that the vast stores of information institutions hold will be used for malevolent purposes.
The news has been filled with stories about data breaches, DDoS events, and other IT attacks. A quick flip through recent headlines recalls the punishing hacks of eBay, Home Depot, Verizon and P.F. Chang’s. According to Forbes’ assessment of the first half of 2014, “Criminals are stepping up their game and data breaches are becoming both common and devastating.”
As shown by the high-profile – not to mention highly embarrassing – breaches of the past year, even the biggest organizations cannot completely shield themselves from a cyber attack or data breach, the risks of which are too obvious and numerous to mention. After implementing oversight/prevention strategies (outlined here by the Department of Homeland Security), the best thing executives can do to mitigate risk associated with cyber threats is to be prepared for them.
Far too many organizations have no idea which contracts contain terms addressing IT security breaches, let alone how the language varies across those that do. In the case of a breach, there is no time to analyze what may amount to thousands of contracts before taking action. Thus, corporations must prepare in advance in order to combat the risks associated with a cyber attack. According to a recent Corporate Counsel article, this means being proactive by “prioritizing resources and investments for reviewing vendor contracts and specific clauses addressing the risks relating to privacy, cyber security, data breaches and other cyber risks.”
Understanding what’s in your contract portfolio means you are equipped to create a strategy complete with plans of action that can be decisively and rapidly implemented. Only with access to complete contract knowledge, through mechanisms such as best-in-breed contract management and discovery software, will response teams be able to find contracts relating to the specific type of breach, identify the contingencies stipulated in the contract, and work on remediation efforts to lessen the impact of the attack. “They also will be able to proactively determine which contracts the organization has that don’t include adequate breach or notification language,” the article continues. “This language is critical when determining a proper response. For example, if a breach occurs, does the breach meet the preagreed definition of a breach? If it does, what are the notification requirements? Are there other actions you’ve agreed to on a one-off basis, or is it part of your template?”
Your cyber security preparedness efforts will do more than mitigate loss in the unlikely event of a breach: they will demonstrate to investors, partners and clients that your organization takes security seriously, and they will give your team the peace of mind to forge bravely ahead.