3 Ways Contract Management Can Help with Cybersecurity

I live in the UK and recently there has been (another) data breach in a large corporation, which has led another flabbergasted CEO to do countless interviews to apologize for the breach, try to explain what happened and make assurances that it will never happen again at their company. Hopefully for them and their customers this is an isolated incident, but the reality is that there will be more attacks, not fewer. Digital Transformation is great and needs to happen, but as with all advances in technology, there are new advances in criminal activity to match.

This latest breach has also led to more people asking me what can be done. I think this is just because people tend to believe that lawyers are either the cause of or solution to most problems. Now, I am not a Cybersecurity expert, but I do know how proper contract management can address the risks in this brave new world and solve some problems.

1. Visibility

Cybersecurity is not necessarily a new problem, but it has become more of a hot topic over the last couple of years. Unfortunately, most companies have not contracted with their customers, vendors or supply chain to address these issues or, if they have, they don’t have an immediate grasp on the liability and risks to customers or with their partners.

We all know that the “hackers” are out there and we need the best technology to limit the exposure.  But very few companies know exactly what this means in terms of liability with their customers or what the potential impact might be on their organization if someone down the supply chain suffers a breach.  This is why we recommend a baselining exercise to assess not just the technical risk, but the contractual risk as well. 

2. Correction

So once we have a firm understanding and definition of the contractual risk, we can start doing something about it. If the right audits, security requirements, reports and responsibilities are not in the vendor chain, we recommend an attack plan of novating or amending policies with the right communication and implementation of those changes. On the flip side, companies need to look at the customer liabilities and make sure their policies and terms are clear so that the liabilities and actions are clearly defined and expectations are set. Furthermore, the “best” clauses should be identified, saved and incorporated into templates.

All of this can be a massive effort on “paper” and most companies don’t have the in-house capabilities to handle this.   We do.  

3. Compliance

Now that we have diagnosed the problem and prescribed some treatment, we must monitor these obligations in the contracts while making sure there is evidence to show the company is compliant and all vendors are following the terms.  We also recommend keeping some deep dive analytics tools around to continually optimize the process.

With some simple steps and clear actions, a best-practice contract management system can help minimize the risk and consequences of a potentially damaging Cybersecurity breach.
