The Wall Street Journal's MarketWatch reported this month on an incredible discrepancy between tech firms and other industries. Tech vendors and IT companies see their work as risky and susceptible to data breaches, while clients and other outside industries are much more likely to assume that technology is secure.
The implications of this study are manifold and complicated. So let's start at the beginning and ask why there is a discrepancy in the first place.
The Dangers of Overconfidence: Why IT Professionals Need to Burst Their Clients’ Bubbles
It might seem like good news that non-tech companies (i.e., your customers) think your work is more secure than you do. In some ways, that's to be expected. IT contractors are going to be obsessed with security – their clients less so. After all, it's your job to worry about what could go wrong.
But the MarketWatch study shows that tech contractors are twice as concerned about security (25% of tech firms vs. 12% of other firms worry about technology vendor security risks). The size of the discrepancy is disturbing and highlights how little many of your clients might know about the cyber security landscape.
Why do we see such a discrepancy? Here are some of the main causes:
- Separation between IT departments and upper management. Many companies don't have a CSO or CIO on their board of directors. Top-level decisions and discussions involve executives who don't have an IT background. While many boards are used to analyzing financial risk, they are less familiar with cyber risks and don't give them due consideration.
- Unfamiliarity with technology. Technology has gotten much more user-friendly in the last five years, but that's the front-end user experience. While your clients now have more mobile devices than they can shake a stick at, in reality, they don't really know how any of them work "under the hood." People simply assume that technology works securely. If they download an app, they assume it's secure. But the interconnected nature of technology exposes them to a complicated array of risks, which the average consumer doesn't understand.
- Security as an afterthought. In our blog post Tech Startup Data Problem: Hacking as a Rite of Passage, we profiled how even startups and tech companies are making security less of a priority. For instance, even wildly successful startups like Snapchat and WhatsApp have had major security issues in the last month. App and mobile software companies sometimes focus on usability and marketability, figuring they'll worry about security later.
- Not knowing what's at stake. Many companies simply don't understand just how expensive and devastating a data breach is. The costs from the Target data breach will be in the billions of dollars. Furthermore, the effects of a data breach last for years. (To get an idea of what can happen to your company if one of your clients suffers a data breach, see our post Data Breach Ripple Effects: the Scary Truth.)
Misunderstandings Lead to Increased Lawsuit Risk for IT Companies
One of the major ramifications of this discrepancy between tech and non-tech companies is that it could lead to more lawsuits.
When companies presume software is secure, they won't take necessary precautions to teach their employees to use technology securely. They will assume that security is something that tech professionals worry about, so they don't have to. But that's like saying, "I don't have to lock my door. It's the police's job to stop burglars."
As you look to minimize your clients' data breach risk, you need to do two things…
- Emphasize the client's role in their cyber security.
- Protect your liability with small business insurance.
Professional Liability Insurance (also called E&O Insurance) can cover data breach lawsuits and other legal disputes about your professional responsibilities as an IT contractor. To learn more about the cost and coverage options, fill out our online insurance application or talk to a TechInsurance agent.