A new report from global law firm Hogan Lovells surveyed 550 international business decision makers and found that their organizations are generally unprepared for the legal problems that arise from technology risks.
68% of respondents said that technology is a central part of their growth strategy, but 50% do not have an up-to-date cybersecurity incident response strategy and only 31% wrote that strategy in consultation with a legal team. Among other alarming statistics revealed by the study, roughly two-thirds of organizations are not adequately evaluating the credentials of third-party vendors to protect against a supply chain breach.
American organizations still struggle to adequately address technology risks
Titled “Litigation Landscape: How To Prevail When Technology Fails,” the report surveyed general advisers and data privacy officers of international companies with annual revenues of between $ 200 million and $ 1 billion. These organizations were roughly evenly distributed among seven different industries; Most were from the US or Europe, but some 130 companies from the largest economies in the Asia Pacific region were also surveyed.
The report confronted these decision makers with a variety of potential legal problems arising from common technology risks: technology failure in clients, algorithms inadvertently discriminating against certain groups of people, and new vulnerabilities created by incorporating new technology to just Some examples. Technology risks to businesses only increase over time, as new elements need to be onboard quickly, social media helps spread news about vulnerabilities or issues very quickly, and stricter regulations are online around the world.
Businesses have particular problems keeping up with cybersecurity and private data protection fronts. Although hacking has increased dramatically since the COVID-19 pandemic expanded work-from-home arrangements, about half of all companies surveyed reported that they do not have an up-to-date cyber response plan that takes into account a full range of relevant risks. .
Most companies (76%) have some type of cyber response plan in place, even if it is out of date, but only a third of them (31%) formed a legal team while developing it. This is despite the fact that approximately 66% of all companies agree that a data breach is likely to lead to costly lawsuits or fines.
Only 38% of senior executives expressed confidence in the safeguards that exist to handle current threats. A similar number of organizations are not adequately evaluating their vendors and vendors for the possibility of a third-party data breach. Senior leadership also tends to be aloof from decisions related to technology risks, with only 9% of organizations reporting that they are involved and consider this category as important as more traditional business risks. Only 35% report having confidence in senior executives to manage technology risks; This concern is perhaps well placed, as only 6% report that technology risks are on par with financial risks. Additionally, 56% of boards are not currently considering how to mitigate critical technology failures that could bring down internal systems or render consumer products out of work.
Technology risks related to algorithms gone awry are an area of concern that appears to become a serious problem in the near future. 45% of the companies surveyed do not verify any of their technology products for the possibility of algorithmic bias in demographic terms such as race or gender. This has been shown to be a problem area in various facial recognition systems; the most common culprit is not including an adequately representative sample of all groups in the models used to train algorithms to recognize features and details. One area that is experiencing rapid adoption (with a potentially poor assessment of potential bias) is the use of human resources (HR) software algorithms to automatically screen candidates for job openings and promotions. Some other examples the report cites include gender bias in determining credit limits and racial bias in prioritizing patients for healthcare.
Most companies (76%) have some type of cyber response plan in place, even if it is out of date, but only a third (31%) joined a legal team while it was being developed. #cybersecurity #respectdata
Bridging the legal and technology divisions to address the risks of climate technology
What can companies do to improve the situation? According to Hogan Lovells, one of the most important keys is to involve the boards of directors and C-suites in the process of identifying technology risks. Equally important is the involvement of both legal teams and privacy specialists familiar with the relevant regulations. Companies must also focus their attention heavily on two key areas of vulnerability: the supply chain and risk monitoring that spans the entire technology lifecycle. The researchers suggest that the way to start facilitating all of these things is to create new technology-specific roles that are added to the board, and potentially create a technology risk board committee (in situations where it makes sense). The report’s farewell warning is that a cybersecurity-related litigation “wave” is coming, and companies that actively bridge the technology and legal divisions will be in the best position to weather it.