More than half of Americans think there is more risk in storing their banking information in the cloud than there is in driving without a seatbelt.
This statistic compares two very different forms of risk and in a sense those who make this evaluation are right – the statistics certainly show that the probability of on-line fraud is greater than that of a serious car accident.
But the statistic – which comes from a Norton study of cybersecurity – perhaps better indicates the weaknesses in making risk assessments. It is not storing data in the cloud that is especially risky; it is the broader issue of how we handle activity in the on-line world – for example, in our use of passwords, or public computers, or the sites we access.
The approach to contractual risks has many similarities. Despite the claimed expertise of contracting professionals, many allow themselves to focus on the wrong aspects of risk. They see their role in terms of battles over risk allocation, rather than working with the counter-party to reduce or eliminate risk probability. This approach has been in large part driven by too much focus on the specific interests of the legal and risk management communities, both of which have a vested interest in risks occurring (because it keeps their work relevant and ensures they remain employed).
My observation about lawyers is not intended to challenge their opinions or contribution to contracting, it is simply making the point that they represent one element of the overall picture. They are one stakeholder among many. And if we allow any particular stakeholder to take a dominant position in creating contracts, we are not in fact handling risks – we are ignoring reality, just like the people who reject cloud computing.