I have just returned from the Zycus Horizon 2015 conference, where I was a speaker. The thing about conferences is that you always learn something and yesterday was no exception, especially when I listened to a presentation by Deborah Wilson from Gartner entitled “Cyber Security What the CPO needs to know.” The thing that I found most interesting in the presentation was that all supplier contracts need specific language about risks, obligations and notifications concerning cyber security breaches. Do your contracts contain clauses that address cyber security?
While reading news headlines waiting for my flight, this one caught my eye: “Average Cost of Cyber-crime in the U.S. Rises to $15 Million.” So today I called a few law firms that I have worked with over the years, and all of them confirmed that this was the fastest growing practice in their respective firms. All were now building new contracts with cyber security language. The Securities and Exchange Commission issued guidelines that have gotten a lot of attention as companies build the contract language to protect them.
This is a wakeup call to me; many of my clients are highly exposed as they have not added the new language and contract clauses. I will be adding them to my contracts immediately. In next week’s blog, I will continue with this topic by including advice from some cyber security legal experts.
From the FDA warning medical facilities that they should stop using a medication infusion pump that was vulnerable to hacking, to the highly publicized security breaches attributed to suppliers (one breach was caused by a supplier’s invoice that included a Trojan), you may not think you’re vulnerable, but anything connected to your organization’s network is a potential threat. My advice is:
- sit with your legal team to review what language is needed
- rewrite the contracts, and
- kill the evergreen contracts; nothing lasts forever!
Are you prepared?