The Columbus Dispatch reports that insurance companies don't yet have reliable models for calculating client cyber risk, so it's hard for them to write policies that cover all the exposures a client faces after a data breach. That means it's vitally important for IT pros to encourage data safety practices for their clients; even if those clients have a Cyber Liability Insurance policy, it might not cover all losses, and they could still sue the IT contractor.
To understand how and why you could be sued for a client data breach, let's look at four issues:
- Why cyber attacks are more expensive than clients realize.
- Why your client's insurance won't cover all the costs of a data breach.
- Why you need to emphasize good data security habits.
- Why you need to cover your liability as an IT contractor.
Hidden Truth about Data Breaches: They're More Expensive than Clients Realize
The effects and cost of a data breach continue long after a client's data is lost. A breach has direct costs (like repairs and upgrades) and indirect costs (like damage to a client's reputation).
A comprehensive list of the costs of a data breach is impossible, but here's a sample of the costs your clients may face:
- Slow sales and lost customers.
- Reputational / brand damage.
- Security audits.
- Costs to contact customers and set up fraud prevention hotlines.
- Identity theft prevention services, such as credit monitoring.
The full cost of any data breach won't be known until at least a year down the road. As we've reported, Target is dealing with brand damage and lost sales six months after its mega-breach became public (see "Data Breach Hangover: Target's Profits Down 12%").
Why a Client's Insurance Won't Cover The Cost of a Data Breach
In recent weeks, we wrote about a court case in which a judge ruled that Sony's General Liability Insurance policy wouldn't cover their data breach expenses (see "Court Ruling: Cyber Security Is Super Duper Important").
Clients often think that their GL policy or their Cyber Liability Insurance (if they have it) covers their data breach costs. But GL Insurance doesn’t cover data breaches, and Cyber Liability Insurance only covers direct data breach costs, such as…
- Customer outreach.
- ID theft prevention.
- PR campaigns.
But as we saw above, direct costs are only a fraction of the losses associated with a data breach.
If a client's data is attacked, their insurance won't cover lost sales revenue, brand damage, and a weakened reputation. These losses can be some of the biggest a client faces after the breach. This means clients often file lawsuits against their IT contractor in order to recoup these other damages.
How to Teach Your Clients to Improve Their Security Habits
Small-business IT companies are in a difficult position because they can be sued for a client's data breach if their professional work caused or failed to prevent it. You may be responsible for a client's mistakes and poor security habits, so you'll need to teach them basic data security in order to protect your business from lawsuits.
The good news is that many data breaches can be avoided. ESET’s blog, WeLiveSecurity, reports that most data breaches are preventable. Here are a few points you can emphasize to your clients:
- Passwords really do matter. Having unique passwords for each account and making each password a mix of letters and numbers reduces the likelihood of a data breach. If a client's data is hacked, having a unique password can limit the damage to only one breached account.
- Two-step verification ups the ante. Having a second layer of security (after an initial login or password) can improve client security even more. If a password is cracked, there is still another layer of security for criminals to get through.
- Don't be slow to upgrade. Many small businesses use outdated software or forget to update their IT solutions. Old software comes with more risks because it often contains known security weaknesses hackers can easily exploit.
Protect Yourself: What Kind of Insurance Covers IT Contractors from Data Breach Lawsuits?
In this post we've seen how client data breaches can lead to lawsuits filed against IT contractors when a client's insurance policy won't cover all the costs of a data breach. Many breaches come with long-term effects (like lost sales) that clients could sue you for. So is there insurance to protect IT consultants?
Yes, Errors and Omissions Insurance covers IT consultants, paying for lawsuits and damages when a client sues you. Regardless of whether a client sues you for lost profits or the direct costs of a breach, E&O Insurance can cover these lawsuits.