Any time a client's digital assets are exposed in a data breach, an IT professional may face professional liability exposure – meaning he or she could get sued.
In the small business insurance world, this is known as third-party cyber liability risk. In other words, you could be sued if a third party (e.g., your client) experiences a data breach. If an IT consultant installs the network, systems, software, and devices that hold a client's data, he or she could be responsible if that data is compromised.
Cyber Liability 101: What Is a Digital Asset?
A client's digital assets may include…
- Intellectual property.
- Employee records.
- Customer data.
- Financial information.
- Media files.
Businesses have many more digital assets than the typical consumer. A consumer's digital risks are often limited to identity theft, but a business could be at risk for insider trading, corporate espionage, fraud, and a host of additional cyber issues.
What Is Third-Party Cyber Liability?
You might be thinking that this lawsuit risk is unfair. Are you really responsible if a hacker breaks into your client's network or if malware slips past your client's defenses? Unfortunately, you can be sued in these situations.
Anyone can name someone in a lawsuit, regardless of merit.
Ossian (@OssianLawPC), of Ossian Law P.C., warns IT consultants that it doesn't take much for clients to sue their tech consultant.
"Of course, anyone has the ability to name someone in a lawsuit regardless of whether there is any merit for a claim," Ossian says.
All it takes is for a client to think they've been wronged. For this reason, it's wise for IT consultants to protect their company from lawsuits by:
- Including protective language in IT contracts.
- Investing in technology Professional Liability Insurance.
Using Protective Language in IT Contracts
A contract can't protect you from all lawsuit risk, but the right language can go a long way to shielding an IT consultant from unnecessary cyber liability.
Protective terms in a contract can help minimize lawsuit exposure.
"Without proper contract terms in place to protect the IT consultant, the client may attempt to place liability on the consultant for the failure of software or other recommendations," Ossian says, "but having protective terms in the contract can help to avoid, or at least minimize, exposure."
Each contract will need to be crafted specifically for the project you're working on, but Ossian offered tips to beef up IT contracts by adding…
- Limitations on warranties.
- Limitations on the amounts and types of damages.
- Clauses that "pass through" warranties from the OEM / maker of software and IT products.
Let's take a minute to unpack the last item on that list. As an IT contractor, you're often installing someone else's product on client computers. You can control your liability by saying the software maker (the OEM) is responsible for defects with a product – not you. You can pass through its warranties about the quality of the service or software it offers.
Be sure to talk with a lawyer about protections that can help you.
Make Sure Your Professional Liability Insurance Includes Third-Party Cyber Coverage
Professional Liability Insurance is almost a standard part of doing business as an IT consultant, but not all policies are created equal.
When you apply for a Professional Liability policy, ask your insurance agent if it includes third-party cyber liability coverage for the types of lawsuits discussed here – such as protection for third-party data breaches.
If your policy has this coverage, it may cover the cost of a lawsuit if a client sues you over data breaches caused by:
- Phishing attacks.
- Malware attacks.
- Improper security configurations.
- Insider attacks.
Given how expensive data breaches are, this third-party liability coverage may protect you from a massive legal bill.
Which Cyber Liability Insurance Is Right for IT Professionals?
Professional Liability Insurance is typically the main way contractors cover their cyber risk, but we should talk briefly about Cyber Liability Insurance – another policy that covers some data breach liabilities.
Cyber Liability Insurance covers first-party cyber liability – the data breaches that happen on your networks, systems, and devices. This policy can cover the cost to inform your customers about a data breach and protect them from fraud.
Smaller IT businesses typically don't have much first-party risk. However, some areas of IT work (e.g., big data, analytics, and web hosting) involve such large quantities of data that it makes sense to have first-party Cyber Liability coverage.
Check out "Third-Party vs. First-Party Cyber Risk Insurance: Protect Your IT Firm Right" for more information.