800.668.7020
M-F 8:00AM TO 5:30PM CST
Better coverage. Better price.
Don't Risk IT
Insurance and Technology: Protect Your Business from Security Lawsuits

Insurance and Technology: Protect Your Business from Security Lawsuits

Experian's data breach highlights cyber liability exposures many tech firms face. A discussion of how to manage exposure and lower cyber liability risk.

Thursday, January 09, 2014/Categories: cyber-liability

Whether it's for cloud computing, mobile apps, or other new technology, business insurance can cover all kinds of cyber liabilities, including those associated with data security breaches and credit card theft.

What is cyber liability? IT professionals are responsible for protecting client data, which means they can be sued when a data breach occurs. Because of their unique role in managing technology systems, IT consultants may face two types of cyber liability lawsuits:

  • First-Party Liability. If you store private data on your computers, clients can sue you when hackers break into your network and steal their private data. You are responsible for preventing a direct attack on your computers, and if you don't, you could face a first-party liability lawsuit.
  • Third-Party Liability. You can also be sued if a data breach happens on client computers. When you advise clients on certain IT matters, you become liable for their data security. For example, if a mobile app you recommend for a client leads to a security breach, they can sue you even if the breach results from a flaw in someone else’s software. Another example: if you install network software for a client or set up a private cloud, you can be sued if these services are hacked.

To understand your tech liabilities better, let's look at two stories from the news that will explain how insurance can protect you from credit card fraud and other data security issues.

Cover Data Breaches with Credit Card Protection Insurance (aka Cyber Liability)

Experian is one of the major credit monitoring companies in the country. Last week, it was the victim of a cyber attack that will leave you shaking your head.

As a credit company, Experian tracks individual credit scores and has access to a tremendous amount of personal information, including Social Security numbers, addresses, and credit card information. In other words, the company’s databases are a gold mine for hackers. You would think Experian would have top-of-the-line security, but last week it was duped by an unbelievably stupid trick.

After a cyber criminal pretended to be a private investigator, Experian sold the criminal access to private financial data. In this bizarre scenario, cyber criminals used fake IDs to purchase private data. They planned to use the data to commit more identity theft later on. Sound like a joke? You’re not the only one who thinks so. There was a similar storyline in this Dilbert comic from three years ago.

After accidentally selling private data to cyber criminals, Experian could be sued for millions of dollars in a class-action lawsuit. After a security breach, Cyber Liability Insurance can cover Experian's first-party liabilities and pay for credit monitoring for any individuals whose data was stolen in the attack.

(Want more information on data breaches? Check out the post “The Data Breach Statistics Nobody’s Talking About.”)

Online Liability Insurance Protects Cloud Computing Liabilities

This week the business social networking site LinkedIn announced a new service that was met with immediate skepticism from cyber security experts. The site has started offering an app called "Intro" that attaches a LinkedIn banner to your emails, advertising your professional information. Sounds simple enough. So what's the problem?

The problem is that, in order to be secure, email must be encrypted. When you send an email, it's encrypted so cyber criminals can't steal your data. However, in order for LinkedIn to attach its banner, it has to decrypt the email. If you download LinkedIn’s app, email would be sent from your device to LinkedIn's servers, where they decrypt it, attach a banner, and send a new encrypted email.

LinkedIn's servers would have gigs and gigs of decrypted corporate email just waiting for hackers. One security researcher has already exploited a weakness to show how to use the app to create a "phishing" email attack.

This news story highlights growing cloud-computing liabilities. When you put data in the cloud or send it through LinkedIn's servers, you create more ways for hackers to access your data.

As an IT consultant, when you recommend cloud services to clients, you also take on liability. By enrolling your client in a cloud service, installing a program, or managing their network, you accept responsibility for their data and can be sued when they suffer a security breach.

Cyber Liability Insurance can cover your third-party liabilities. When a client's email is hacked through the LinkedIn app you recommended, Cyber Liability Insurance would pay for the cost of this lawsuit.

To learn more about Cyber Risk Insurance, read "First Party vs. Third Party Cyber Liability Insurance."

The Small Business
Insurance Leader
800.688.1984 | 8 am - 5:30 pm CST | M-F
Customer Rating 4.9 out of 5
Read Customer Reviews

Categories

The Small Business Insurance Leader