4 Ways to Mitigate Vendor Cybersecurity Risks

Association of Corporate Counsel’s ACC Docket

In a March 1, 2024, article published by the Association of Corporate Counsel’s ACC Docket, Kate Kreps, Chief Privacy Officer and Senior Counsel at American Electric Power, joins Woods Rogers Principal and Chair of our Cybersecurity & Data Privacy practice Beth Waller in discussing best practices for addressing third-party vendor risks.

Following a 2023 cyber incident where a ransomware gang wreaked havoc on more than 2,500 organizations by infiltrating a third-party vendor and exposing its clients to massive data theft, a host of lawsuits and public disclosures were sparked, as well as the conversation for many legal departments about how to protect themselves from risks associated with third-party vendors.

Beth and Kate provide four best practices for in-house legal departments grappling with this challenge. Early notification, robust contract requirements, indemnification provisions, and collaboration between security and legal teams go a long way to protecting organizations in the event of a cyber breach by way of a third party.

You may read the column in the ACC Docket here.


Jump to Page