It is almost certain that an organization will experience a data or system security breach at some point in its lifespan. In the last week alone, we’ve seen breaches at Microsoft [1], Mitsubishi Electric [2] and the DHS, affecting over a quarter of a billion people. Data breaches and cyberattacks are becoming even more widespread and significant as companies make it a priority to keep their customers’ IP protected. According to a recent study conducted by data security research firm Ponemon Institute, the cost of a data breach continues to increase. Businesses can no longer afford to neglect protecting the sensitive data they have been entrusted with as security threats proliferate.
With regulations such as GDPR and the newly effective California Consumer Privacy Act (CCPA), organizations need to have a clear understanding of their contractual obligations, specifically where data breach notification is concerned. If a breach were to occur, organizations need to prove that they are protected and provide the necessary information to regulators within a very short window of time. Specific notification language may include:
- What protection must be afforded to partners?
- When must it tell customers, and what should it say?
- How, when, and in what circumstances must regulators be informed?
Do you know where this information lies across your contract portfolio? With just hours to react and thousands of potential contracts to review, organizations must be prepared. As of January 2020, data protection regulations have imposed €114 million in fines for a wide range of GDPR infringements [3], the largest of which totaled €50 million. And if that wasn’t enough, the effects of a data breach can be felt for years, with the company open to reputational risk and potential hits to revenue. While an average of 67% of data breach costs were realized within the first year after a breach, 22% accrued in the second year and another 11% accumulated more than two years after a breach [4]. Data security is quickly proving to be a business risk problem that needs to be delicately managed before a breach occurs. Given the sheer volume of contracts that most organizations have, technology is a key asset in sorting through unstructured data in order to quickly find the relevant information and maintain compliance.
By prioritizing resources and technology adoption for contract review, organizations can take a critical first step. When a breach or cyberattack does occur, many organizations don’t have the ability to locate vulnerable contracts across business lines and begin remediation in a timely manner. Furthermore, organizations may find that legacy contracts do not address breaches and protocols for response. And that is where technology comes in.
Breach response is the biggest cost saver, and by having a response plan in place, organizations are able to maintain customer trust and handle incidents in a timely manner. Technology such as artificial intelligence and contract analytics allows organizations to ensure that they are prepared. With these systems in place, organizations gain visibility across all of their contracts and can ensure that all necessary contracts include adequate breach and notification language. If a breach were to occur, the appropriate teams are then able to locate all impacted contracts, identify the actions that must be taken and begin remediation quickly.