
Add cybersecurity protections to outsourcing deals

As cybersecurity has become one of the most important strategic imperatives for the enterprise, concerns about how third-party IT services providers are protecting corporate data have grown. As a result, negotiation of cybersecurity and data privacy issues has become one of the most challenging areas in IT outsourcing contract negotiations, says Rebecca Eisner, partner in the Chicago office of law firm Mayer Brown.

“Suppliers are understandably concerned about not paying damages that are disproportionate to the revenue received, and therefore seek to limit or disclaim their liability,” says Eisner. “Customers are equally concerned, particularly where suppliers do not have the same incentives to protect customer data as the customer, and because the negative impacts of a security incident are generally far more significant to the customer than to the supplier.” What’s more, the cybersecurity regulatory environment is rapidly evolving, making it difficult for both sides to assess the risks.

The increasingly complex and geographically dispersed IT environment also complicates matters. When company data lived within one or more central data centers, it was much easier for companies or their suppliers to secure the perimeter, firewalls, physical security and controlled logical access. Today, data is scattered among data centers, clouds, and mobile devices, for a start. “The points of access and potential points of security failure multiply with this ever-expanding ecosystem,” says Eisner. “In addition, many of these systems are provided or managed by third-party suppliers.”

For those reasons, CIOs must take a risk management approach to selecting, contracting with, and monitoring their company’s IT service providers. There are six steps IT leaders can take to strengthen data privacy and cybersecurity protections in their IT supplier relationships, according to Eisner:     
