CYBER AND DATA DISPUTES: THE CURRENT LANDSCAPE AND PREDICTIONS FOR THE FUTURE
Cyber and data-related disputes have become a key feature of the global legal landscape. This article identifies common sources of cyber and data disputes, and the risks businesses can expect to face in the future. By understanding these common sources of risk, businesses can be on the front foot and limit the extent to which cyber and data-related disputes may interrupt business as usual.
Disputes between commercial parties
Disputes between commercial parties commonly arise as companies increasingly look to outsource certain data and IT services to third parties. While outsourcing may allow businesses to save on costs or access a broader range of resources, it will also necessarily increase those companies’ cyber security risk as data is shared across a supply chain.
An attack on one supplier in a supply chain may render other businesses in that supply chain unable to meet their obligations, subject them to significant reputational risk, and in extreme circumstances, force an unwanted shutdown. Companies in this position will frequently seek to hold their suppliers accountable for their loss and the contractual arrangements between the parties will generally form the basis for such disputes.
By way of example, prudent companies engaging in outsourcing will generally try to protect themselves by requiring suppliers to implement and maintain appropriate systems and controls to ensure that data remains secure. If a supplier has made provided representations or warranties about the appropriateness of its security systems, a contractual claim is likely to follow in the event that a data breach does occur.
Companies and suppliers may also seek to agree contractual provisions that apportion liability in the event of a cyber attack or data breach. Such provisions can be complex and may also provide fertile ground for a dispute.
Oct-Dec 2022 issue
Herbert Smith Freehills