Fast-growth technology (FGT) companies will often depend on their offering being built on software developed by another organisation. Some organisations may try to develop their own proprietary technology in-house, but the cost/benefit of this and transitioning clients to the new technology, can be difficult to navigate. Alistair Maughan and Gemma Anderson, Partners at the law firm, Morrison & Foerster, outline below how a business can protect itself against litigation and commercial risk should the third-party technology relationship fail.
In an increasingly interconnected world, all organisations rely on key suppliers to support their growth. However, when these relationships encounter challenges, the impact can hurt an otherwise successful business. Many fast-growth technology companies build their product on top of software or services developed or delivered by another organisation, such as cloud storage or payment platforms. This allows companies to save resources, money and effort as well as optimise their business processes. Add to this, the fact that COVID-19 has accelerated the need for companies to enhance and expand online offerings and pivot quickly, and it’s no surprise that businesses are more than ever leaning on the specialisms offered by others as they look to scale.
The challenges with third parties
Many businesses will depend on just one company to provide the platform that underpins their entire service. While companies won’t want to be over-reliant on a single supplier, there are potential risks of inconsistencies and performance issues that come with juggling multiple third parties. However, with this comes the concern that even a brief period of downtime could have a significant commercial impact and cause long-term reputational damage. If the supplier or the relationship fails altogether, the consequences could be catastrophic.
This is where the risk is highest for a scale-up, with the endgame being to minimise the downside risk of dependency on third party suppliers as the business continues to grow. Once the business has scaled to a certain level, it will be in a stronger position to mitigate risk by effectively deploying across alternate suppliers.
The third-party security challenge
According to Researchgate, the global market for outsourced services exceeded US$92 billion in 2019 and is set to continue to grow. As businesses continue to rely on third parties to support their growth journeys, the issues of data security and ownership have become more important.
The Ponemon Institute recently surveyed more than 1,000 CISOs and other security and risk professionals across the US and UK to understand the challenges that companies face in protecting sensitive and confidential information shared with third party suppliers and partners. The findings revealed that 59% of companies had experienced a data breach caused by a vulnerability in one of their vendors or third parties.
A potential investor looking at a FGT business will want to know who the outside suppliers are and how much they are relied on. With cyberattacks on the rise, any investor will want to know how much sensitive information is provided to a third party, and how integrated they are within the business as it scales. No investor wants to be holding the baby in terms of tech risk and liability, so it is extremely important to have clear contractual and commercial terms that back-off liability and risk both upstream and downstream in the supply chain.
The option to build in-house
Some organisations may try to develop their own proprietary technology in-house. However, the cost-benefit of starting from scratch or transitioning clients to a new proprietary technology platform can be difficult to navigate. The challenge for the vast majority of FGT businesses is whether the protection given from building services from scratch outweighs the convenience of outsourcing. The funds and extra skill sets needed, as well as the need to keep the day-to-day operations running smoothly, can be too much of a headache.
A watertight relationship
The reality is that it makes sense to make careful use of third parties. But it’s important that the company’s relationship with its suppliers – and the protections offered as part of those agreements – are absolutely watertight. So, for example, you should try to insulate the business from consumer action if they suffer from your downtime caused by a supplier, through advantageous terms or an easy exit route if your supplier fails you. If your service depends on a cloud hosting provider that offers only contract terms with limited service levels and a broad right to suspend its service, you need to make sure that your customer offerings mirror those terms. This will not only protect the business but prove to an investor that the company has covered the risks that can sometimes be outside of its control.
As with any business, the battle is always to reduce risk, and when a business is scaling and relying on outsourcing, the risks can be higher. By diversifying its dependence on suppliers, it can lower the chances of being caught out if a single supplier faces challenges of its own. By having clear and consistent contracts in place, the company can ensure it continues to manage technical and commercial risk within the business, putting it in a strong position when looking for further investment as it scales.
Click below to share this article