Enron-style IT breach will see vendors in court

IT providers will be forced to take greater responsibility for application breaches and poorly designed software as local customers embrace an emerging trend that includes suing vendors.

In a forecast of future trends in the IT market, the head of the Unisys secure identification and biometrics practice, Terry Hartmann, warns the day is fast approaching when users will be able to sue vendors for releasing unsecured product.

He said the onus will be on providers to be more responsible for the products they provide that secure private information held by financial firms and credit card companies.

Initially, Hartmann said, it will happen in the US but Australia will not be far behind.

"It is about a general level of responsibility," Hartmann said.

"If you looked at a contract with the government now there are chances they could sue a developer of an insecure product, but the average retailer would not have a contract that rigorous for an application developer - they need legislative backing for that level of risk.

"It is only a matter of time before an attack on a specific vendor's application or database product causes damage that leads the customer to sue the software provider for the consequences of the security breach."

Hartmann added that it will take a significant disaster to create the catalyst "in the same way Enron changed the scope of auditing in financial management".

However, at the network level, NSW State Library IT manager Saraj Mughal said it is still IT managers that are held responsible for security.

"Security is the responsibility of both the customer and the vendor. If users suffer breaches through applications, then that is where the vendor responsibility comes in," Mughal said.

"At the moment it is hard to prove; you need to keep a log of evidence.

"It will be much easier to prove as technology matures."

Peter James, joint IT manager at University of Technology Sydney, said he would love the opportunity to sue vendors, but has to be realistic. James said it would have to be a really bad breach to even consider taking a vendor to court.

"While we all like to bash vendors," he said, it would have to be a very serious breach, adding that the US is far more litigious.

National head of IP and technology for Gadens lawyers, Andrew Perry, said it all depends on how the product is used and the IT environment in which it is used.

"Increasingly, suppliers continue to tie performance and security with support and maintenance contracts - in this case an end user is much more likely to expect ongoing security support; I think taking a vendor to court is the last option a customer will follow," he said.

Stories by Michael Crawford

Latest Videos

More videos

Blog Posts