Insurance Journal reports on a court case that confirms what we in the insurance business have warned our customers about for a long time: while General Liability Insurance covers many lawsuits, it does not cover lawsuits about data breaches.
The ruling is important because many businesses mistakenly assume that they are already covered for data breaches because General Liability Insurance covers other types of third-party damages. If your clients have this mistaken impression, it could cost your IT business.
Let's look at the case that inspired the ruling.
What a Data Breach at Sony Can Teach You about Cyber Liability
In 2011, 77 million user accounts were hacked through Sony's PlayStation gaming network, an attack that Sony estimated would cost $171 million to cleanup.
After the hack, Sony shut down its network for a week and informed millions of users that their credit card and account information might have been compromised. While this data breach happened to a major company, there are three lessons small businesses can take away:
- The effects of a data breach last much longer than businesses anticipate. After reopening its gaming network, Sony discovered another security flaw a month later. As many customers were resetting their passwords, it became apparent that the reset function wasn’t secure. It only required users to input their email address and birthday, which opened the door for more breaches. Sony had to roll out more updates to fix this problem.
- Breaches can come at bad times. PC Magazine reports that while the data breach cost $171 million, these effects were made worse by the fact that it occurred at the worst possible moment – a month after the massive earthquake and tsunami decimated Japan in 2011. Sony lost billions in revenue due to idle manufacturing time. Small businesses have less room for error than an international corporation like Sony. On its own, a costly data breach could be enough to cause bankruptcy, but combined with another problem or slowdown in revenue, a cyber attack could wipe out a small business entirely.
- Many software designers overlook security because they are focused on functionality. When developers are rushing to finish a product, they don't necessarily have time to do ample security testing. A big business like Sony has a big budget, yet it can still make mistakes in software development. A smaller company faces the same software development challenges but has fewer resources at its disposal. Often, your clients want an IT solution at the lowest possible cost. Unfortunately, that means some developers trim the time they spend on security.
Resources You Can Share with Clients to Help Them Understand Data Breaches
- Cyber Liability Insurance. Because General Liability Insurance does not cover cyber liability, insurance companies have designed a policy to do just that – it’s called Cyber Liability Insurance (aka Data Breach Insurance). If a client is hacked, this policy covers the cost to inform their customers, investigate the breach, and offer credit-monitoring services.
- News stories. In the last year, there have been major data breaches at healthcare companies, universities, mobile developers, SaaS companies, retailers, and many other industries. When discussing data security with clients, point out an example from an industry similar to theirs or one that uses the same kind of IT solution that could expose your client to risk.
- Newsletters / security reminders. Some IT consultants send reminders to clients about security issues, strong password techniques, updates they'll need to install, etc. This can be an efficient way to keep multiple clients in the loop and reinforce the importance of user-level security.
Which Insurance Covers IT Professionals from Data Breach Lawsuits?
Unfortunately, Cyber Liability Insurance doesn’t tend to offer much benefit to IT professionals. Why? Because it’s unlikely they most small tech businesses would have a data breach of their own. Instead, they have to worry about client data breaches – and being sued for not preventing them.
That’s why Errors and Omissions Insurance covers IT consultants. It absorbs the cost of a lawsuit when clients sue them over data breaches and cyber security issues. E&O also covers other IT liabilities, such as testing errors, latency, missed deadlines, and other problems clients could have with your work.
This coverage starts at around $80 per month for IT independent contractors and microbusinesses. For a free quote on the cost of IT insurance for your business, submit an online insurance application.