Why Cybersecurity Must Be Priority in Contract Management

Despite the rise in the number of corporate breaches by malicious hackers throughout the United States, corporate boards across the nation appear not to be so concerned.

According to a KPMG survey, less than 40 percent of board members in the FTSE 350 Index companies view cyber-attacks as a more serious risk than other potential pitfalls. Those 40 percent of board members may be underestimating the repercussions of security breaches, particularly for contract managers.

In this article, we will explore the top 4 reasons why cybersecurity must be priority in contract management.

1. Data Breaches Affect the Bottom Line

When taking a closer look to the movement of the stock price of a victim of data fraud one thing is clear, the stock price will drop. Here are some key examples from 2014:

  • In November 2014, Sony’s stock took a 1.1% in value after 47,000 records were stolen by hackers.
  • In September 2014, Home Depot’ stock price drop by 2.4% after hackers got away with 56 million credit card records and 53 million email addresses.
  • In August 2014, JP Morgan’s market value took a 0.7% nose dive after the announcement that 83 million records had been compromised.
  • In May 2014, eBay’s market value went down by 0.7% when 145 million email addresses, account logins, and physical addresses were obtained by hackers.

 2. No Industry is Immune to Cyberattacks

A common reaction to any list of corporate cyberattacks is “that won’t happen to us, we not neither retailers nor financial institutions”.

However, the empirical evidences shows otherwise.

According to Bloomberg Businessweek, since 2005, more than 75 data breaches in which 1,000,000 or more records were compromised have been publicly disclosed. While it’s true that retail & merchants and financial & insurance services do lead the pack in victims of cyberattacks, they are not alone.

For example, government & military agencies, such as the Montana Department of Public Health and Human Services, and healthcare & medical providers, such as Community Health Systems, were targeted by hackers. The first organization had 1.3 million records compromised in May 2014, and the second one had 4.5 million records breached in August 2014.

3. Small and Mid-Sized Businesses are Targets

Another common reaction from small- and mid-sized American businesses is that they are immune to cyberattacks due to their size.

This is a myth that has been proven over and over. Back 2012, cyberattacks on small businesses rose 300 percent from the previous year. Then in 2013, a study from Verizon showed that 11% of the 855 data breaches they examined, 71 percent occurred in businesses with fewer than 100 employees.

According to the National Cyber Security Alliance, small business have a 20% probability of becoming victim to cyberattacks every years. Even worse, about 60% of those attacks go unnoticed within six months after the attacks took place. A similar trend can be observed in attacks to mid-sized businesses.

4. Contact Data is Valuable

Some corporations may be baffled that some cyberattacks may only target email addresses. However, there is a major reason for that: more than half of Americans believe their list of contacts have high value.

This is why it’s critical that any of your systems, including your contract management system, meets industry standards for protecting the contact data (e.g. email addresses, physical addresses, phone numbers). More importantly, government contractors need to pay special attention to the loss of contact data and other forms of Personal Identifiable Information (PII).

Several government agencies, such as the Department of Labor, clearly spell that “the loss of PII can result in substantial harm to individuals, including identity theft or other fraudulent use of the information.” That is government contractors have to demonstrate due diligence in protecting PII from loss and misuse.


Cybersecurity should be a priority for your organization because data breaches affect the bottom line, all companies regardless of industry and size aren’t immune to cyberattacks, and organizations, including the government, require contractors to protect PII. One way to prevent cybersecurity in contract management is to choose a contract management system that leverages SAML Single Sign-on (SSO) federated authentication.