- Details
- Published: Thursday, 26 January 2023 09:14
Recent research reveals that both companies and MSPs are disturbingly unclear about their legal and financial obligations when a data breach occurs. As a result, contracts are ambiguous and the risks of legal wrangling severe. Simon Pamplin looks at the issue.
Cyber security has become a board level issue in recent years – not least since the introduction of ever more punitive fines and personal responsibility for the protection of sensitive data. Yet recent research undertaken by Sapio Research on behalf of Certes Networks confirms that far too many businesses are simply handing over responsibility to an IT service provider (ITSP) or managed services provider (MSP) – and expecting the provider to pick up the financial cost should a data breach occur.
Companies employing third party organizations to deliver security policies expect ITSPs to cover 48 percent of the costs in the event of a data breach. Astonishingly, 73 percent of ITSPs also consider themselves responsible for paying fines and damages and believe they should pay 51 percent of the costs.
Whether these expectations can be met as and when a breach occurs remains…
