What's putting you at risk?

We surveyed over 2,000 business leaders like YOU to identify the key risks you’re facing and created the UK Business Risk Report - full of practical insights to help you tackle them. Download your FREE copy today.

Employee of a tech company working on contractual risks on his laptop

Managing contractual risk in technology companies

In our increasingly digital-first world, technology pervades almost every aspect of modern life. It’s a critical business enabler, with everything from cloud, AI and automation technologies, to digital transformation projects driving innovation and efficiency in virtually every sector1.

There is, however, an important underlying consequence of that revolution – a massive growth in the number and complexity of contracts that technology companies of all shapes and sizes must now manage2.

Today, technology companies manage thousands, even tens of thousands of contracts spanning a wide range of applications – contracts with customers, resellers and distributors, 3rd party technology licencing, joint ventures, employment and contractors, the list goes on.

Technology contract risk

Weak or incomplete contract risk management can leave technology companies exposed to a wide range of risks, which include3:

  • Revenue leakage and cost overruns can stem from weak contract terms and lack of contractual oversight during a project, for instance leaving additional service hours unbilled, or high value services unmonetised4.
  • Scope creep which can create additional costs and leave a business without sufficient contractual cover for emerging liabilities2.
  • Quality failures or failure of a contracted product or service to meet business needs, which can lead to complex contract disputes2.
  • Damage to a business arising from contract breaches.
  • Loss of intellectual property (IP) can arise from poor contractual coverage.

All these issues can lead to contract disputes, liability claims and, ultimately, litigation2, which brings us to the main contract risk facing technology businesses – the acceptance, limitation or exclusion of liabilities in contract terms.

There is an important complication here: The intersection between contract terms around liabilities and the availability of sufficient insurance to cover them, which is becoming more problematic in a hardening E&O (errors and omissions) insurance market2.

The issues here include taking contractual responsibility, and therefore potential liability, for issues beyond the company’s control, including unenforceable liability exclusions, or agreeing to unlimited or onerous liabilities in one sided contracts – all of which can have serious legal, financial, and reputational consequences in the event of a dispute5.

Technology contract risk management

The sheer scale of the technology contract management task and the associated risks mean that technology companies should take steps to put in place sophisticated contract risk management processes that span the entire contract lifetime2.

This should take the form of a detailed and proactive risk management framework, spanning a range of business functions. For instance2:

  • Procurement or sales processes should include due diligence, credit and litigation checks to identify issues and risks that may affect contract or insurance terms.
  • Contract approval should not be a tick box exercise, but a detailed process informed by contract risk reports, the contract business case, and a gate approval process.
  • Governance boards should have visibility of contract risk through weekly or monthly reporting.
  • Internal assurance should provide a third line of defence. Independent audit of everything from process and quality control to risk management adds another layer of defence by strengthening and assessing the risk management process and controls employed by operational and delivery teams, and compliance functions.

Fundamentally, this framework is about identifying and managing contract risk, but also in understanding that contract risk is not just about contract terms.

In the increasingly complex world of technology contract risk and insurance, these approaches are vital to protecting revenues and reputations, and in managing effective risk transfer programmes in the face of a hardening E&O insurance market.

For more information

A recent Marsh webinar covered these issues in detail, looking at key contract risks, real life case studies, contract risk management frameworks, implications for insurance and more – and can be watched in full here.


1 https://businesschief.eu/technology/ict-critical-business-enabler
2 https://www.marsh.com/uk/insights/research/technology-contractual-risk-management-tech-e-and-o-webcast-replay.html
3 https://www.pwc.co.uk/services/risk/commercial-assurance/contract-risk.html
4 https://uplandsoftware.com/psa/resources/blog/revenue-leakage-what-causes-it-and-what-you-can-do-to-stop-it/