Advisory Note
China is an important economic partner for most enterprises, but doing business in and with China introduces its own set of risks. This report provides an overview of the major cyber-related risks of doing business with China and outlines the steps to manage and mitigate these risks.

1 Introduction / Executive Summary

China is an important economy—it is too important to ignore, but doing business with Chinese organizations comes with risks. Many cyberattacks are alleged to originate in China, and Chinese manufactured components are suspected to contain hidden cyber capabilities. In addition, there are both commercial and geopolitical risks.

To manage these risks, it is important to understand China’s worldview. China believes that, as a socialist country, it will meet with strong opposition from non-socialist countries. China's strategy to counter this perceived risk and to realize its global ambitions is to create dependency. The tactics to achieve this include creating leading-edge technology that undercuts technology from market-led economies and is given freely to developing countries. Telecommunications, 5G networking, and AI are examples of technologies that China has provided to countries with emerging economies.

To accelerate the technological capabilities of Chinese industry, the People’s Republic of China (PRC) army has engaged in cyber espionage over many years. For example, an indictment filed in May 2014 in Pennsylvania alleges that, between 2006 and 2014, the People’s Liberation Army (PLA) conspired to hack into computers of US organizations to steal information that would be useful to their competitors.

In addition to the risk of cyber espionage, China is now a major source of components that are widely used across all industry sectors, and this creates supply chain risks. Geopolitical disputes could disrupt this supply chain in the same way as the recent Covid pandemic. From a cyber security perspective, the components could contain hidden backdoors or undocumented functionality that would allow data theft or remote control.

Organizations need to take steps to manage the risks. Contracts are not the only approach and only work where there is an enforceable legal framework. Organizations must understand the way in which their trading partners behave, expect this behavior, and take steps to manage it. Trading creates a mutual dependency where each side stands to lose if the other is deterred from trading. Organizations must use this knowledge as a negotiating strength.
