Home A CISO’s Guide to Preventing Downstream Effects (And Litigation) After a Breach

A CISO’s Guide to Preventing Downstream Effects (And Litigation) After a Breach


How many third-parties does your organization work with? Seventy-one percent of organizations state that their third-party network includes more businesses than it did three years ago.

In the next three years, the same percentage of organizations expect that their third-party partnerships will expand even further. Third-party partnerships are valuable, multi-faceted tools until a security breach occurs. At that point, the downstream effects of a breach can lead to contractual obligation failures and litigation.

Ensuing breach litigation can be intense and can impair businesses; rupturing business relationships, tarnishing reputations, and exhausting financial resources, among engendering other negative impacts. In some cases, breach litigation is a business extinction-level event. In this cyber security whitepaper, we’ll address key ways to reduce downstream liability issues in the event of a breach, with an emphasis on how to prevent legal battles.

After reading this whitepaper, if your business experiences an attack that affects your third-party contacts, you will be in a stronger position to refute any litigation that may arise.

Cascading Effects

Downstream cyber risk, incidents and liability are particularly concerning for entities and industries that maintain complex interdependencies. For example, within the automotive industry, a cyber attack on an electronics systems supplier could stymie efforts to continue manufacturing vehicles in separately owned and operated plants.

Possible real-world outcomes include significant economic losses for a series of companies, the erosion of trust between businesses, and exorbitantly high parts and vehicle prices for consumers, among other
unwanted effects.

The Cost of Failure

The cost of failure is high. On average, incidents with downstream implications cost organizations roughly $432,000, but costs have been known to exceed $163 million. Over 80% of incidents with ripple effects involve financial damage payouts. Fifteen percent of ‘ripple incidents’ force defendants to pay roughly $8.3 million in response costs. While some lawsuits are indeed settled prior to going to trial, they still impose distracting, needless theatrics and reputational damage.

Download the full text here.