Half of corporate giants do not check if their tech is discriminatory, exposing them to lawsuits and regulatory investigations

London, Washington, D.C. - According to a report released today by global law firm Hogan Lovells, based on a survey of 550 businesses, less than half of large corporations globally are sufficiently prepared for lawsuits or reputational damage arising from technology-related issues.

The report found that 45% of businesses globally do not check technology supplied to them  for racial and gender bias.  Inadvertent consequences could include facial recognition sensors being less able to accurately identify women, or people with darker skin, algorithms which amplify (rather than prevent) bias in the recruitment process, or medical devices giving higher priority to certain patients when it comes to treating complex medical conditions.

Most improvements in AI systems are made because of advances in machine learning. However, algorithms often adopt unwanted biases found within the data on which they are trained. This opens major businesses up to a variety of legal and reputational risks.

Des Hogan, Global Head of the Litigation, Arbitration and Employment practice at Hogan Lovells, commented: "Smart technology is rapidly becoming more accessible and affordable, with products on the market ranging from smart thermostats to wearables tracking medical data. As layers of software are woven into devices, the risk of hacks, tech failures or racial and ethnic bias only increases, and with it both legal and reputation risks. The C-Suite must have oversight and consider how to manage technology risk throughout their business."

The report also found that:

• Only 9% of boards surveyed deem technology risk to be as important as financial risk or other traditional risks (overseeing technology risks “to a significant extent”).
• 60% of business leaders are not actively involved in mitigating the regulatory and litigation risks of technology failing , including failures that would render critical systems or products unusable or unprotected
• Although 76% of businesses have a cybersecurity response plan, half (47%) of businesses have not reviewed their cyber response plans within the last two years and only 31% of these were prepared in collaboration with legal teams
• Only 37% of senior executives are more than somewhat confident they have adequate safeguards in place to handle threats and 68% do not consider their crisis management safeguards appropriate post COVID-19

According to Hogan Lovells, there are a number of associated legal risks. Des Hogan said: "Cyber attacks, algorithm bias and technology failure can pose significant long-term risks to a company’s reputation and brand, not to mention result in potential disputes and regulatory investigations. 

"Investing in protection against these risks can be complex and time-consuming but the cost of doing so pales in comparison to the opportunity technology can provide and the cost of not being prepared if your tech fails or is attacked.

"In 2020 companies came to rely on technology more than ever, so being prepared for a failure of that technology is critical. Our report identifies some of the key areas that businesses need to focus on, including cyber and data risks, ethical issues, and technology failure."

Other key findings include:

• More than a third of businesses surveyed are not aware what technology is business-critical to allow them to continue operating. This could expose companies to contract disputes, professional negligence, product liability and data-related claims.
• Two-thirds of respondents do not check all their suppliers’ credentials to ensure they don’t allow a back-door to their cyber defenses 
• Over half (55%) of businesses surveyed find it increasingly challenging to  assess all the risks and liabilities associated acquiring and partnering with technology companies. For example, these risks could include algorithm bias, an increased risk of tech failure or cyberattacks 
• 53% of respondents plan to accelerate their hiring of tech experts over the next two years but many are not aware of the risks

Commenting on technology partnerships and technology hires, Des Hogan continued: "It is encouraging to see that half of businesses globally intend to partner with technology businesses by 2022. Whether they do that through M&A, joint ventures or outsourcing agreements, there are a number of risks that businesses need to be aware of. The most fundamental of these is that the technology itself might not work, or be less advanced than expected. The first step to protecting against these risks is to include internal and external legal counsel from the earliest opportunity."

There is no single way to define what preparedness looks like, but, according to Hogan Lovells, it includes contingency planning based on four key principles:

1. Boards and the C-Suite should be involved in identifying risks
2. Collaboration with legal teams and privacy specialists is key
3. Risks should be monitored through the entire tech lifecycle
4. Businesses are only as strong as their weakest third party

Des Hogan added: "In all these areas, there are businesses who have been focusing on technology risks for a long time. We should look to the best practices they’ve put in place, to understand what others can do to better manage their risks."

METHODOLOGY

We surveyed 550 participants, including GCs, heads of legal or equivalent, chief information security officers or equivalent, COOs and CEOs. We surveyed businesses with annual revenues of US$200m-500m, US$500m-1bn and more than US$1bn. The respondents were based in the U.S. (100), UK (100), Germany (100), France (100), China (45), Japan (45), Hong Kong (20), Singapore (20), Italy (10) and Spain (10). The survey covered the following sectors: technology & telecoms (82), financial services and insurance (82), life sciences (82), automotive (83), consumer (83), diversified industrials (83), energy and natural resources (55). The survey, which took place in the second half of 2020, asked participants to look forward to 2021 and 2022.

This anonymous survey was conducted, on behalf of Hogan Lovells, by an independent research agency. The survey was conducted in accordance with recognised industry standards.