• Cory Ryan

Brazen Hack at FireEye and What Customers Need to Know

Updated: Jan 14

On Tuesday of this week, it was learned that the cybersecurity software supplier FireEye had been hacked, probably two weeks ago, presumably by a foreign government. The company revealed that a cache of hacking tools used to test the strength and vulnerability of client data security had been stolen, and measures were being taken to detect the use of them. There is no evidence yet that the tools have been used, or that any client data was stolen.

Clients are urged to check their FireEye contracts with their respective legal teams and look for language that protects them, grants concessions, or allows them to terminate their agreements should they choose to do so.

We examined a number of FireEye contracts as well as FireEye’s standard Master Agreement and determined that in most cases, a client may terminate an agreement if there is a contractual breach and the vendor is given written notice, subject to a 30-day cure period. If FireEye fails to correct the breach after 30 days, clients must submit a second written notice to terminate their deal.

Specifically, clients are encouraged to look at the agreement language related to “Termination for Material Breach” within a 30-day period. It could be argued that a security leak at FireEye which compromises client data would constitute a “material breach”; after all, customers purchased the FireEye solution to prevent exactly these types of events. While the breach at FireEye may or may not provide grounds for termination, it is worth examining and understanding the clause in case a client wants to terminate and move to another provider for security performance reasons.

The other clauses to be examined are those typically found under “Services Warranty” and “Subscription Warranty”, that state that the vendor will correct or cure a breach problem at its own expense. Customers that wish to invoke the warranty language must notify FireEye within 30 days of when they believe their contract may have been breached. In other words, if a client believes the recently announced breach at FireEye constitutes a breach for them, they must act before January 8, 2021.

In addition, customers of FireEye currently have an unprecedented leverage opportunity with the vendor. Clients interested in buying or renewing FireEye software can take advantage of the hack to gain aggressive concessions in their next deal. It is difficult to imagine anything worse for a security firm’s reputation than being hacked themselves; in fact, the company’s stock fell 13% the next day. Deal makers are advised to build the breach into their messaging strategy to drive down pricing and get competitive terms, such as those that protect against renewal increases or future security incidents. In the weeks and months ahead, clients will likely find that FireEye is willing to do anything and everything to keep and/or win business.

Cory Ryan is an Analyst II at ClearEdge Partners.

For more information about leverage management, effective messaging, and contract inspection, view our recent Leverage Management 30-minute webinar, read our blog titled Leverage: The Key to Every Deal, or contact your ClearEdge representative.