Computer World reports that a federal court in Florida just issued a game-changing verdict about data breaches. The court decided that companies are liable to pay damages to all customers whose data is lost in a breach, even those who don’t lose any money or aren’t victims of identity theft.
Three million dollars. That's the amount of damages AvMed, a medical insurer, will have to pay its customers, regardless of how they were affected by the company’s data breach. Ouch.
Up until now, judges have only required businesses to pay damages in data breach lawsuits when customers suffered quantifiable financial losses.
The change means you can be liable for accidental disclosures, confidentiality breaches, and data breaches, even when no one is directly harmed. The bottom line: this new ruling will likely make data breaches even more expensive.
A Shift in Attitude: Corporate Cyber Security Becomes More than Identity Theft Prevention
With this new ruling and the growing fallout from the Target data breach, businesses are changing the way they think about cyber security. It's not just about protecting data. It's about protecting their reputation.
Bain & Company, a management consulting firm, recently published "Why Cyber Security Is a Strategic Issue," a report that highlights the financial risks of a data breach.
Bain & Company points out that breaches are becoming more expensive, advanced, and pervasive. Its data show that from 2011 to 2012…
- Daily web attacks increased 30 percent.
- Known mobile vulnerabilities increased 32 percent.
- The average cost of a data breach increased from $8 million to $9 million.
- The amount of time it took to find and fix a breach shot up by 22 percent.
As breaches become more expensive and common, companies have started to understand what it really means to be attacked. A data breach grinds your business to halt and destroys your reputation. For big companies, that can mean a plummeting stock price and dropping sales. For small businesses, that can mean huge losses and possibly even bankruptcy. For an IT consultant who works for any size business, it can mean a lawsuit.
What New Liabilities Mean for IT Consultants and Vendors
The Florida court's new ruling and the market research on data breaches tell the same story: data breaches have become more expensive. That cost could end up falling on the businesses that install and service technology when their clients sue them after a breach.
Tech E&O Insurance covers this exact liability, paying for lawsuits and legal expenses when a client sues you over a breach on their computers. It also covers lawsuits when a client claims the data breach caused their business to lose profits.
Getting E & O protection is as much about current liabilities as future ones. Because research shows a trend toward more sophisticated and expensive breaches, it's important for IT companies to protect themselves from future data breaches, which could be harder to stop and even more damaging.
To learn read more on data breach lawsuits, see our blog posts on cyber liability.