While contract redactions are used to protect companies’ information, a recent study has found that in certain cases at least they can actually encourage cyberattacks over the years following said redaction.
Regulation S-K requires the disclosure of material contracts. However, firms can decide to temporarily redact confidential information from their material contracts to prevent impairment of the contract or harm to future profitability.
The recently released paper — authored by Hilary Hughes and Stephanie Walton of Louisiana State University and Thomas Smith of the University of South Florida — examined a sample of 5,888 firm-year observations with material contract redactions from between 2008 and 2018. The researchers then used mathematical modeling to determine whether there was a relationship between these contract redactions and subsequent cyberattacks. The paper determined that there was such a relationship.
“Our results suggest that redactions have an immediate impact on breach likelihood in the two years following the issuance of a CTO. The act of making material contract information confidential and the confidential treatment period appear to be predictive of breach risk,” said the paper’s analysis section.
The researchers theorized that current-period redactions could signal that there is potentially valuable temporary proprietary information within material contracts, increasing the potential payoff of a breach. This conclusion is bolstered by the fact that the risk seems greatest in the short term, pointing out that in the long term a redaction of proprietary information can only last up to 10 years.