Minimize the legal fallout of tech failure
Businesses know that the risks of a technology failure are great and the stakes are high, but too many are doing too little to mitigate them. This is where they should start.
Involve the board
As more and more businesses use technology to drive growth, their C-suites will need to prioritize risk mitigation. Board directors should also enhance their oversight of technology risk by:
- Increasing the time they spend discussing risk.
- Adding new technology roles to the board.
- Creating a technology risk board committee where relevant.
But the survey data reveals that fewer than half of boards plan to do any of this in the next two years.
Only a minority of boards plan to take measures that will improve their oversight of technology risk
Q. Which of the following does your business plan to do in the next two years to better manage the risks posed by your development and deployment of technology?
“We’re seeing legal disputes arise from technology failure where there is convergence between traditional and new sectors. Traditional manufacturing companies, for example, may not be aware of the complex data protection regulation that can apply to new products they develop, or may not practice privacy by design.”
Lauren Colton | Partner, Hogan Lovells
Identify which technology is business-critical
It is crucial to identify and document all business-critical technology – then, you can put in place special protections and backups in case of failure. But not enough businesses are doing this.
More than a third of businesses have not identified all of the business-critical technology within their organization
Q. To what extent do you agree with the following statement? “We have identified all of the business-critical technology within our organization.”
Note. Percentages do not total 100% due to rounding.
The next step is to determine what may cause that business-critical technology to fail and identify the risks this may pose to the wider business.
Create a tech-failure response plan
Once you have worked out which technology is business-critical, you need policies and procedures to follow if it fails. These “crisis-management playbooks” help you to mitigate risks, identify gaps in defenses, and deal efficiently with issues as they arise.
Two-thirds of businesses have technology failure crisis-management playbooks
Q. Does your business have a technology failure crisis-management playbook or other such document that guides how you should respond to such an event?
Although most businesses have crisis-management playbooks, many exclude some important details and guidance. Producing these playbooks needs to be a collaborative effort. As with cyber plans, multiple parties will have to get involved, including management, technology, and legal teams.
Tech failure crisis-management playbooks lack vital information
Q. Which of the following does your crisis-management playbook include?
Next, you need to train your teams to act on this information and respond effectively to a major technology failure event. One of the best ways to reinforce that training is to simulate the response through tabletop exercises.