How to build cybersecurity into outsourcing contracts

IT outsourcing customers must take greater care in building cyber-risk protection into their IT services and cloud computing deals.

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

Any time a company shares data or provides access to third-parties, it increases its vulnerability to unauthorized access or breach. So in today’s IT environment in which enterprises partner with multiple IT service providers, who in turn may have multiple subcontracters, cyber risks increase exponentially.

[ Related: Why CIOs can’t wait to renegotiate their outsourcing contracts ]

“Customer data and systems are only as secure as the weakest link in the vendor ecosystem,” says Paul Roy, a partner in the business and technology sourcing practice of Mayer Brown. “The risks for customers are twofold: not only does the customer increase its risk of a data breach, it also increases the risk that it will be in breach of its regulatory or contractual obligations if its vendors fail to comply with such obligations.”

[ Related: How long can IT outsourcing deliver more for less? ] talked to Roy and Lei Shen, senior associate in the cybersecurity and data privacy practice at Mayer Brown about the potential impact of security incidents arising from IT outsourcing or cloud computing engagements, the shortcoming of cloud computing contracts with regards to customer cyber risk protection, the key contractual provisions for mitigating these risks in an evolving regulatory landscape, and the importance of ongoing review in this rapidly changing area.

To continue reading this article register now

Join the discussion
Be the first to comment on this article. Our Commenting Policies