A funny thing happened after hacker collective Rex Mundi stole 24,000 records from Belgian loan company AFC Kredieten. The hacking group explained what they look for in a data breach victim. As The Register details, the hackers posted on their site that "the companies we targeted have only one thing in common: mediocre IT security protocols or poorly designed web applications." Ouch.
Rex Mundi hackers were giving you a heads up – when cyber criminals sense a flaw, they strike. These liabilities aren't something to sneeze at: one-third of the top websites have known security vulnerabilities.
What does it mean if your clients have shoddy IT? That's the IT risk management equivalent of when a store owner doesn't bother to wipe up a slick floor on a rainy day. It works both ways:
- If your clients aren't investing in new IT or updating, their site is vulnerable and they could expose you to an Errors and Omissions lawsuit.
- If you create an environment where your customers are at risk, the liability could fall back on you.
If a customer slips and falls at a store, what do they do? They sue the store owner. If customers' data is exposed because of a known vulnerability or shoddy IT work, what do they do? They could file an Errors and Omissions lawsuit, alleging you dropped the ball and should have done more to protect their data.
Yes, E&O Liabilities Are Increasing as More Data Breach Litigation Happens
The Legal Intelligencer reports on a recent cyber liability conference during which tech lawyers and cyber security experts agreed – there are more data breach lawsuits now than ever before. And they show no signs of slowing down.
So how do you shield your company from a data breach lawsuit? Try these simple safeguards:
- Get your clients to invest in good IT. As we saw above, you can be sued if your IT isn't up to snuff. You'll need to ensure all tech – yours and your client's – is secure. In addition, you'll want to adopt best security practices like establishing a CISO, developing security incident protocol, and conducting periodic reviews of IT security (see our Customer Education Packet, a free resource to teach your clients basic data security hygiene).
- Protect your business with technology insurance. The second component of your risk management is your Errors and Omissions Insurance. If you're sued over a problem with your IT, E&O may cover the cost of the lawsuit, potentially paying for your legal fees and damages you owe (if you lose the lawsuit).
It's always important to remember that risk management isn't an either-or proposition. It's usually "all of the above." You'll want to invest in IT, train your staff, perform security audits, and invest in business insurance. Neither insurance nor best practices are enough on their own. Insurance never guarantees that you'll be covered for a claim, so you'll need to take steps across the board to reduce your risk.
Risk and Marketing: When Bad News Is Good News for IT Professionals
Is there any upshot to your increasing cyber risk? If your clients are on the fence about investing in more secure technology, you can point them to stories like this Rex Mundi hack. If clients don't stay up to date, they're basically leaving the door open for hackers and potentially exposing their business (and yours) to a lawsuit.
Businesses are increasingly worried about their data breach liabilities. That's an opportunity for you. By emphasizing security and tapping into this growing market, you may potentially position your company for bigger revenues down the road. Just make sure you have a plan to account for you E&O risk.
