When a Data Breach Occurs, Will You Be Prepared?

It’s almost certain that an organization will experience a data or system security breach at some point in its lifespan. Recently, we’ve seen breaches at Microsoft[1], Mitsubishi Electric[2] and the DHS, affecting over a quarter of a billion people. Data breaches and cyberattacks are becoming even more widespread and significant as companies make it a priority to keep their customers’ IP protected. According to a recent study conducted by data security research firm Ponemon Institute, the cost of a data breach continues to increase. Businesses can no longer afford to ignore protecting the sensitive data they have been entrusted with as security threats proliferate.

With regulations such as GDPR and the newly effective California Consumer Privacy Act (CCPA), organizations need to have a clear understanding of their contractual obligations, specifically where data breach notification is concerned. If a breach were to occur, organizations need to prove that they’re protected and provide the necessary information to regulators within a very short window of time. Specific notification language may include:

  • What protection must be afforded to partners?
  • When and what must companies tell customers and what should they say?
  • How, when and in what circumstances must regulators be informed?

Do you know where this information lies across your contract portfolio? 

As of January 2020, data protection regulations have imposed €114 million in fines for a wide range of GDPR infringements[3], the largest of which totaled €50 million. And if that wasn’t enough, the effects of a data breach can be felt for years with the potential reputational risk and hits to revenue. While an average of 67% of data breach costs are realized within the first year after a breach, 22% accrue in the second year and another 11% accumulate more than two years after a breach[4]. Data security is quickly proving to be a business-risk problem that needs to be delicately managed before a breach occurs. Given the sheer volume of contracts that most organizations have, technology is a key asset in sorting through unstructured data in order to find relevant information quickly and maintain compliance.

By prioritizing resources and technology adoption for contract review, you can take a critical first step. When a breach or cyberattack does occur, many organizations don’t have the ability to locate vulnerable contracts across business lines and begin remediation in a timely manner. Furthermore, organizations may find that legacy contracts don’t address breaches and protocols for response. That’s where technology comes into play.

Breach response is the biggest cost saver, and by having a response plan in place, you can maintain customer trust and handle incidents in a timely manner. Technology such as artificial intelligence and contract analytics allows you to ensure that your organization is prepared. With these systems in place, you gain visibility across all of your contracts and can ensure that all necessary contracts include adequate breach and notification language. If a breach were to occur, the appropriate teams can locate all impacted contracts, identify the actions that must be taken and begin remediation quickly.

 

[1] https://msrc-blog.microsoft.com/2020/01/22/access-misconfiguration-for-customer-support-database/

[2] https://www.helpnetsecurity.com/2020/01/21/mitsubishi-electric-data-breach/

[3] https://www.dlapiper.com/~/media/files/insights/publications/2020/01/dla-piper_data-breach-report-2020.pdf?la=en&hash=2949AFBE157A80206CD1F87106DB1CAD1F26D26D

[4] https://newsroom.ibm.com/2019-07-23-IBM-Study-Shows-Data-Breach-Costs-on-the-Rise-Financial-Impact-Felt-for-Years

 
