4. Poor Control Over Third-Party Responsibilities
Organizations that had breaches due to an error on the part of a contractor or other outsourced organization often incurred additional data breach costs, according to the Ponemon Institute. A chief security officer should be involved in contract negotiations when outsourcing business functions, say security experts. Contractual agreements, especially those involved with cloud providers, need to address security and clearly delineate responsibilities of both parties involved.