If the information, business processes, and IT systems of an organisation are inadequately
protected (for example, as a result of inadequate security management), this can result in
violations of regulations relating to information processing or of existing contracts with
business partners. The laws that apply depend on the type of organisation at hand and its
business processes and services.
Depending on the locations of the organisation, various national and international regulations
may also need to be followed. If an organisation has insufficient knowledge of international
legal requirements (regarding data protection, the duty to supply information, insolvency law,
liability, or access to information for third parties, for example), this increases the risk of
corresponding violations and related legal consequences.
In many industries, it is common for users to require their suppliers and service providers to
comply with certain quality and security standards. If a contractual partner violates
contractually regulated security requirements, this can result in contractual penalties, contract
termination, or even the loss of business relationships.