A report by global law firm Hogan Lovells revealed 61% of large corporations in Greater China (GC) are unprepared for the legal risks or reputational damage arising from tech failure, tech bias and data leaks.
The survey of 130 business leaders in Asia revealed that only 39% of large corporations in GC are sufficiently prepared for the legal risks or reputational damage arising from tech failure, tech bias and data leaks.
The report found that 70% of businesses surveyed in Hong Kong (HK), and 60% in GC, do not have an up-to-date response plan (updated within the last two years) in case of a cyberattack or data leak.
While along the lines as Japan’s with 82%, Singapore (SG) fared better with 69% of respondents (69%) stating that they have adequate processes in place.
More alarming, 90% of businesses responding to the survey in HK (the highest in the Asia region) do not involve their legal teams in the creation of cyber response plans.
More bad news
- 65% of respondents in Hong Kong, and 61% in Greater China, are not currently considering how to prevent and mitigate technology failure
- Only 11% of boards in GC deem technology risk to be as important as financial and other traditional risks
- Nearly 78% of respondents in HK consider that their safeguards against major tech failure are still inadequate post the outbreak of COVID-19
- 54% of respondents in GC see technology as a core part of their growth strategy, only 32% are more than somewhat confident that their senior executives understand all the potential legal risks
- 36% plan to enter into a joint venture with technology partners, 57% plan potential M&A, and 50% plan to outsource a key business function to a technology company
- 57% of businesses surveyed in HK plan to accelerate their hiring of tech experts over the next two years but many find it increasingly challenging to assess all the risks and liabilities associated with acquiring and partnering with technology companies
These issues can be a legal minefield, with privacy concerns considered the most important ethical issue in the development and deployment of technology. This applies to areas such as cloud technology – particularly topical following the COVID-19 pandemic which has spurred increased investment in cloud services.
The report reveals that three quarters of companies in GC, and 71% in the wider Asia region, intend to boost investment in the cloud by 2022.
Despite a growing reliance on technology platforms provided by partners or third parties, 74% of businesses surveyed in GC do not routinely check if all their suppliers have adequate cybersecurity credentials even though this could weaken their own IT defences. This compares with 67% in SG and a significantly lower 44% in Japan.
“Businesses that use and sell technology increasingly encounter complex ethical issues, and in the wake of the COVID-19 pandemic, we have seen an unfortunate increase in such matters, specifically privacy concerns and cybersecurity vulnerabilities,” said Antonia Croke, partner in the Litigation, Arbitration and Employment practice at Hogan Lovells in Hong Kong.
Privacy concerns also extend to smart IoT devices, such as wearables and “smart home” products, and technologies making use of artificial intelligence, which may store and share a vast amount of data. Yet 78% in GC and 81% in Hong Kong of businesses do not involve privacy specialists from the outset of product development discussions, which means they could inadvertently breach data privacy regulations when they develop or update products.
As “privacy by design” becomes part of the compliance considerations in Asia, regulators will expect businesses to do better on this score.
Croke added that privacy concerns are the most significant ethical challenge in deploying tech for businesses in Greater China as well as in the broader Asia region.
This no doubt reflects the tightening of data privacy regulations in recent years in local jurisdictions, as well as consumers’ increased focus on their privacy rights, and the significant reputational and financial consequences that can result from failing to comply with applicable laws.
“We would encourage all companies across Asia to consider their protection measures for a potential cybersecurity incident, including their cybersecurity preparedness, incident response, notification requirements, and litigation and regulatory enforcement risks.Antonia Croke
The dangers of technology over confidence
Chris Dobby, a Hong Kong-based Partner in Hogan Lovells’ Litigation, Arbitration and Employment practice, commented that the transformative power of technology has made it integral to many businesses’ growth plans and, in 2020, companies came to rely on it more than ever.
“But when technology goes wrong, it can not only cause significant operational, financial and reputational damage to a business, its customers and employees – it can also lead to a regulatory investigation or litigation."Chris Dobby
Businesses in GC must carefully consider how to mitigate the risks. “Boards and the C-Suite should be involved in identifying risks, and collaboration with legal teams and privacy specialists is key. Protection measures can be complex but the cost of doing so pales in comparison to the opportunity technology can provide and the cost of not being prepared if your tech fails or is attacked,” he suggested.
Four key principles of preparedness
- Boards and the C-Suite should be involved in identifying risks
- Collaboration with legal teams and privacy specialists is key
- Risks should be monitored through the entire tech lifecycle
- Undertake proper due diligence, as businesses are only as strong as their weakest third party suppliers
Des Hogan, head of the Litigation, Arbitration and Employment practice at Hogan Lovells, added that “In all these areas, there are businesses who have been focusing on technology risks for a long time. We should look to the best practices they’ve put in place, to understand what others can do to better manage their risks”.