Vendors and subcontractors cause a majority of technology failures and data breaches. While almost everyone agrees with this, very few understand who has the liability for the failure or loss of data. There are numerous types of technology vendors and subcontractors but the most common group are cloud service providers. In a small business this could be a data backup solution like Dropbox or other boutique solutions. It could be payment processors or payment systems like Square, Heartland Payment Systems, and others. It could be outsourced IT providers and various other cloud service providers like e-mail marketing companies, financial software (Quickbooks and others), HR software, software development firms, mobile rewards programs, EMR or EHR solutions for medical related businesses, and many others. So how well do you know the vendors who create, maintain and protect this sensitive information?
As your business moves to the cloud, your hosting environment becomes a critical piece of your existence. You wouldn’t be able to conduct your business without the infrastructure, platforms, and software. What do you know about the applications and companies you use to analyze, process, and store this data? Amazon Web Services is one of the largest and most secure cloud service providers but has also had numerous high profile outages over the past few years. Contrary to what you may think, I encourage you to use cloud service providers but also challenge you to ask the hard questions when selecting those partners. Here are some questions that you should ask yourself and your partners:
While managing this may seem like a monumental task, there are two things that will protect your business. First, make sure you have a comprehensive diligence process on your critical vendors and subcontractors. And second, explore a cyber liability insurance policy for your company; it can be used to protect your ability to generate recurring revenue after a technology failure.
Travis S. Holt is a partner at Brush Creek Partners specializing in risk management for technology companies and companies who rely on technology to generate revenue on a daily basis. After learning the insurance business at a large national agency, Travis started Brush Creek Partners to better assist companies by providing innovative insurance solutions and a unique set of risk management services. You can contact Travis at Travis.Holt@BrushKC.com.