Wednesday, December 11, 2024
Caught in the tech trap: why IT contracts need a shake-up

In today’s world, most businesses depend on technology. From the moment you switch on your computer to the apps running behind the scenes, it’s clear that we rely on IT companies to keep everything ticking. But what happens when those systems fail? For many businesses, the answer is simple: they can’t operate.

This dependency is what experts Rob Dorey and Bill Egerton from Astaara call a “tech trap.” Big IT companies hold the power, and we, the customers, have little say in the matter. It’s a one-sided relationship, and it’s time for change.

A growing problem

Cyber incidents have become an unfortunate reality. Over the past eight years, more than 60% of the global shipping industry has been hit by cyberattacks. Whether it’s malware corrupting systems or ransomware locking businesses out of their own data, the fallout is immense.

Events like the CrowdStrike mishap, which was not a cyberattack per se but caused systems to crash, highlight the risks of relying on technology that doesn’t work as intended. When these issues arise, they cost businesses millions, not just in downtime but in cleaning up the mess.

The truth is, no one is immune. Every company that uses technology depends on third-party suppliers, and the bigger picture is even scarier: most of us rely on just a handful of giant corporations. Yet, despite this dependence, contracts between businesses and IT providers rarely address what happens when things go wrong.

Unbalanced contracts

Imagine buying a car and being told that if the engine fails, you’re on your own. Ridiculous, right? But that’s essentially how IT contracts work. Many tech providers sell their products “as is,” meaning they take no responsibility for failures, bugs, or vulnerabilities.

Back in the early days of tech, this might have made sense. Software was new, small companies were building innovative tools, and users understood the risks. Fast forward to today, and these providers are some of the wealthiest companies in the world. Despite their size and influence, they still avoid taking responsibility for their products.

Let’s put this into perspective. If a business owner with a £300m balance sheet suffers losses because of a negligent IT supplier, why should they bear the cost while the supplier, with a £65bn balance sheet, walks away unscathed? This imbalance is both unfair and unsustainable.

Why shipping (and everyone else) should care

In the shipping industry, contracts have long been designed to manage risks. Whether it’s bills of lading or charterparties, there are established processes to allocate liability and settle disputes. But when it comes to IT-related incidents, things are less simple.

For example, if a shipping company’s systems go down due to a cyberattack, how do they determine who’s responsible? Their insurance might cover some of the losses, but uninsured damages could be catastrophic. Worse, the IT provider’s contract likely absolves them of all liability.

This isn’t just a shipping problem – it’s a global issue affecting every industry. Most businesses don’t realise where the liabilities lie in their IT contracts. That’s why experts recommend demanding proof that your IT suppliers have insurance and, wherever possible, seeking warranties or indemnities from suppliers for any damage a system failure might cause.

Why it matters

Think about it: would you let a ship sail without hull insurance or let a teen drive without car insurance? Of course not. So why would you trust an IT supplier without verifying their ability to cover risks?

The stakes are high. A cyber incident caused by a supplier could bring your business to a standstill in minutes. And as technology becomes more complex, the potential costs of failure only increase.

The box is sealed

Part of the problem is the “black box” nature of modern technology. IT providers often lock their products down, preventing users from troubleshooting or improving them. They claim it’s to protect intellectual property, but it also ensures steady revenue from service contracts.

This leaves users with few options. Repairs are expensive, and support can be hard to access – especially for industries like shipping, where operations span the globe. If something goes wrong, the blame often falls on the user, even if the root cause lies with the supplier.

Breaking the cycle

The reliance on a few dominant IT companies creates risks that go beyond individual businesses. These companies control access to critical systems, and when their products fail, the ripple effects are enormous.

In the recent CrowdStrike incident, a process failure led to the release of a faulty update, causing widespread disruption. Lawsuits, like the one filed by Delta Airways, may push for accountability, but the bigger question remains: why wasn’t the update tested by Microsoft before being released?

This lack of oversight is alarming, especially when you consider the growing role of IT providers in critical infrastructure.

What needs to change?

It’s clear that the current approach to risk in IT contracting doesn’t work. Businesses can’t continue to shoulder all the risks while suppliers face none. Contracts need to evolve to reflect the realities of today’s interconnected world.

Governments may need to step in, just as they have in other industries. For example, the tainted blood scandals and lawsuits against tobacco companies both led to tighter regulations and greater accountability. A similar approach may be necessary for IT.

Taking control

While systemic change will take time, businesses can take steps to protect themselves now:

  1. Demand accountability: Ensure your IT suppliers have proper insurance and clear liability clauses in their contracts.
  2. Understand your risks: Identify which systems are critical to your operations and assess their vulnerabilities.
  3. Be proactive: Regularly review and update your IT contracts to ensure they align with your business needs.

Conclusion

The tech trap is real, but it doesn’t have to be inescapable. By acknowledging the risks and pushing for fairer contracts, businesses can start to level the playing field. The days of IT providers selling “as is” products with no accountability need to end. As customers, we have the power to demand better – and it’s time we used it.

  • Robert Dorey
    CEO