So, problem solved? Doubtful.
Because the issue here is liability. Crime is but one element in the human drama surrounding digital life. And compared to many of the others, it appears relatively insignificant. Those others include carelessness, ignorance and incompetence.
And the liability stems from the fact that those exhibiting such traits may be in your employ. The people who are demanding protection - or satisfaction - are those who entrusted their data and sensitive documents to you. When those are compromised, legal action may well follow. It is not that you and yours intended to share this information with the rest of the known world. But it happened and someone has to pay damages.
The growth of this insurance market comes at a convenient time. The lingering recession has decimated lawyers' incomes. And insurance, while profitable, is not growing at a fast clip. Everyone else appears to be benefitting from ecommerce. Why did you imagine the legal community would not? JL
Michael Brown reports in Defense Litigation Insider (hat tip Julie Meadows-Keefe):
Cyber security, the protection of an entity’s confidential and proprietary information, is becoming an increasingly important concern to companies in almost every industry. Moreover, as technology continues to grow at an exponential rate, cyber crimes and the resultant litigation continue to grow right along with it.
It is no secret that businesses today rely heavily on technology. In today’s market, it is almost imperative to possess cutting edge technology in order to remain competitive. For example, many companies have shifted their databases and infrastructure to the “cloud.” In addition, mobile device technology allows a company’s employees to access sensitive information from their homes, airports and restaurants.
These technological advances come with inherent risks. A company may electronically store its entire infrastructure and all of its client data, and often hires third parties to keep this information at off-site facilities. As a result, vital information may be exposed to attack by cyber criminals, who attempt to gain access to customers’ personal and financial information. Phishing attacks, trojans, and viruses constantly threaten corporate databases. In extreme cases, large and influential businesses and government organizations must defend against “advanced persistent threats,” which are coordinated attacks by an adversarial group, such as a criminal organization or foreign government. Making it even more difficult is the fact that many countries lack cyber crime legislation, which makes it possible for criminals to operate from almost anywhere in the world with relative impunity. A report last year by Symantec Corp. estimated that 73% of small to midsize companies have been victim to a cyber attack.
Not surprisingly, the costs facing companies who find themselves facing cyber-related liability are daunting. State and federal regulations typically require companies to implement costly customer notification protocols. On top of that, businesses must also investigate the cause of the security breach and take remedial measures, which is challenging in an environment where hackers can stay a step ahead of cumbersome corporate IT departments. Companies must also anticipate an interruption in business, either caused by a hacker or by a security measure implemented by the business itself, which is costly in terms of lost profits and opportunities. Some businesses may also require expensive public relations help after a data breach in order to shore up consumer confidence, especially in the case of corporate defendants. Finally, data breaches can be costly in terms of government penalties, as well as the legal fees associated with government investigations and settlements. For all of these reasons, it is not surprising that the U.S. Cost of Data Breach Report has estimated a cost to companies of $214 per compromised record and $7.2 million per data breach event.
These conditions have encouraged companies to transfer risk to third parties, creating a boom in so-called “cyber risk” insurance. While Symantec has estimated that only 33% of small and midsize companies have obtained cyber insurance, the field is growing, and not just with banks and credit card companies. Any entity that could be exposed to identity theft could benefit from protection, including insurance companies, asset managers, retailers and law firms. Based on the imminent growth in this field, a division of Liberty Mutual is expected to introduce three cyber liability policies which will cover data breaches and technology errors.
Despite the uptick in data theft incidents, plaintiffs have thus far found it difficult to maintain successful lawsuits against corporate defendants. Most courts maintain a high “actual harm” standard. That is, only those customers whose stolen information has led to looting of their bank accounts or some other crime may sustain a suit against the company. The plaintiffs’ bar is, however, working to erode that standard by advocating a “credible threat of harm” standard, and by requesting discovery on the plaintiffs’ claims. Because cyber litigation involves class-action suits with potentially thousands of plaintiffs, discovery is expensive and often spurs defendants to engage in costly settlements. In addition, many expect that existing cyber crime legislation and consumer protection statutes could be amended to make it easier to sustain a suit.
One thing is clear: cyber crime is becoming a fact of life for companies. The fallout has created a new industry in the insurance market, and “cyber litigation” will surely follow. With thousands, or even millions, of potential class members, we are likely to experience huge growth in cyber lawsuits in the near future.
0 comments:
Post a Comment