Shifting liability
- Does the contract mitigate the inherent uncertainties of vendors managing and handling data by requiring the vendor to have cyber liability insurance?
- Does the contract’s limitation of liability clause adequately allocate the liability between the parties?
- Does the contract allocate which party will be responsible for any fines or other costs relating to the vendor’s violations of requirements to keep data secure?
Contract provisions should attempt to transfer whatever risk the company is not able to mitigate on its own. When contracting with vendors, consider how common contract provisions can be used in ways that shift liability when it comes to matters related to data security.
Cyber liability insurance can help mitigate the risks associated with having vendors manage and handle customer and client data. A common request, which depends on the risk involved, is for $5 million in cyber insurance.
These contract provisions will often prescribe minimum limits, detail the types of incidents covered, or even demand that the company be added to the policy as a beneficiary. Confirm that policies cover ransomware incidents.
In these clauses, companies can…
