IT consultants can be sued in a cyber liability lawsuit even when they've done nothing wrong. That's why so many IT consultants have Errors and Omissions Insurance with third-party cyber liability coverage.
Cyber liability lawsuits can happen after a client data breach or a cyber attack on their network. It may seem unfair that a client's data breach is your liability, but that's the reality that IT consultants face.
In this blog post, we'll walk you through…
- Why and how a cyber liability claim works.
- What you can do to protect your business from the cost of data breach lawsuits.
IT Contractor Basics: What Is a Cyber Liability Claim?
To understand why a client sues their IT contractor, there's one basic thing you need to understand: data breaches are really expensive.
According to the NBSA, the average cost of a small business cyber attack is nearly $9,000. IBM and the Ponemon Institute estimate the average cost of a data breach is about $195 per lost record (e.g., a 1,000 record breach would cost $100,000). Depending on the size of the breach, your small-business clients could pay $10,000 to $100,000 in damages. Naturally, the costs are much higher for larger businesses.
While clients can get Data Breach Insurance to cover some of these costs, many business haven't heard of this coverage and don't have a policy. That means they're completely exposed to these losses.
After a data breach, clients will pay out-of-pocket for breach expenses. Given that these can reach six figures even for small businesses, your clients will look for a way to recoup their expenses. How do clients make up for data breach costs? They sue their IT contractor.
We'll get into why and how you can be held liable below, but for now, let's just focus on the cost.
What Does a Data Breach Lawsuit Cost for an IT Contractor?
Remember that $9,000 figure we used above? That's the cost of a data breach for your clients. That's not the cost to you.
When a client sues you, you may have to…
- Hire a legal team to defend your business. Even for frivolous claims, your legal fees could be a couple thousand dollars.
- Pay for extra damages. This may include compensation for harm to their reputation and any lost revenue, as well as the cost to replace the technology that failed.
- Give a refund for your consulting fees. If clients think you didn’t deliver on promised services, they won’t want to pay for it.
Add up these costs and the average small-business data breach lawsuit is well into five figures. Few IT contractors can afford that.
Why Can IT Contractors Be Sued for Data Breaches?
Let's talk about cyber liability. Liability is the legal term for the obligation or responsibility you have to your clients. Part of your responsibility as an IT contractor is that you make sure your clients' technology isn't vulnerable to a cyber attack or data breach. That's your cyber liability.
That responsibility is also pretty vague. As you know security isn't a cut-and-dry issue. To secure a network, you need more than just top-notch software. You also need buy-in from the users on that network. If individual users aren't practicing good cyber security habits, the company's data is always at risk.
And there's the reality that many clients…
- Skimp on security.
- Use legacy IT.
- Take other shortcuts.
All this and more could expose their data. In the imperfect world of small business IT, there's always some risk of a data breach, and you – the IT consultant – could be sued.
Will You Lose a Data Breach Lawsuit?
In some ways, the question of "winning" or "losing" a lawsuit is irrelevant. Data breach lawsuits are expensive regardless of the outcome.
Still, it can be helpful to look at how and why IT consultants get targeted by a lawsuit. Here are four reasons you could lose an IT lawsuit:
- Lawyers sue everyone. When a client's data is exposed, they'll ask their lawyers about their options. The lawyers may tell them to sue anyone who was involved with the technology that was hacked: the maker of the software, the installer, and the consultant. Even if you were only a subcontractor on a project, you could be sued.
- There's a lack of precedent in IT lawsuits. Technology changes faster than the laws that govern it. And if you follow IT liabilities – which we do at TechInsurance – you'll see new cases every few months where a judge rules in such a way that exposes IT consultants to new liabilities. For instance, in "Why the Target Data Breach Ruling Matters for IT Contractors," we profiled how a judge's ruling that banks can now seek additional damages from retailers affects IT contractors.
- You're outgunned. When you're sued, it isn't always a question of right vs. wrong. It's also a question of big vs. small. You may go up against clients who have more money and resources to dedicate to their legal defense. If you didn't have IT lawsuit insurance, you'd have to pay your legal bills on your own. Many small-business owners simply can't take this risk. E&O Insurance protects IT consultants and gives them the resources to fight against unfair lawsuits or settle out of court.
- You can't afford a frivolous lawsuit. Say you're 100 percent innocent. You can't be blamed for a data breach, but the client still sues you. Even a lawsuit like this (sometimes called a frivolous lawsuit) is costly. The Institute for Legal Reform estimates that frivolous lawsuits cost between $2,000 and $5,000, which might exceed the fees you made for that contract.
Does Your E&O Insurance Cover Cyber Liability Claims?
A Professional Liability Insurance policy can pay for legal costs when a client sues you over a data breach. How do you know if your insurance covers your cyber liability?
To make sure you're covered, it's smart to work with a company that specializes in IT insurance. TechInsurance has helped thousands of IT contractors cover their professional and cyber liabilities. Get free insurance quotes on Errors and Omissions Insurance by using our online insurance application.