Orrick Insurance's Policyholder Insider reports on a potentially game-changing cyber liability lawsuit that could mean IT consultants, web designers, and other tech professionals are now more likely to get sued for data breaches. Here's what happened.
Insurance Company Sues Web Designers Over $150,000 in Data Breach Costs
A web design firm was sued when the website it maintained for a bank was hacked. Lawsuits are common when there's a data breach, but this one is unusual. Here's the thing: the bank isn't suing the IT company – its insurance company is.
The bank's Cyber Insurance covered $150,000 in data breach costs. The insurance company that paid out that six-figure sum is looking to recoup its expenses by suing the web designers.
In the lawsuit, the insurance company alleges the web designers should pay their share of the data breach expenses, because they…
- Failed to install anti-malware software.
- Let software go unpatched.
- Didn't encrypt bank customer data.
As an IT consultant, you know that data security isn't as simple as crossing off items on a checklist. Neither encryption nor anti-malware software is a foolproof security measure. There's always a way for hackers to get unencrypted data if they have the right access credentials or strike at data while it's in use.
How the IT Insurance Landscape Just Changed
Ten years ago, few business owners were talking about Cyber Liability Insurance, but with all the recent data breaches, many businesses have invested in these policies. That's great. Cyber Insurance can help them cover the cost of data breaches.
However, the reason that so many businesses have been buying these policies is that their data breach risks have increased. Now that breaches are more common and insurance companies have been paying for them, insurers want IT contractors to share the cost of a data breach.
So what can you do to protect your business from lawsuits from a client's insurance company? The silver lining – if you can call it that – is that while your IT liabilities just increased, you won't need any different insurance to protect you from the cost of client or insurer lawsuits. Professional Liability Insurance (also called E&O Insurance) can offer coverage for these lawsuits and other common IT risks, including…
- Data breaches.
- Cyber attacks.
- Latency issues.
- Data loss.
- Missed deadlines.
A Final Word about Changing IT Liabilities and New Lawsuit Risks
We've long pointed out that increased data breach costs were causing problems "behind the scenes" in the cyber liability world. Now that breaches have become more common, banks and insurance companies are unwilling to bear those costs alone. They've started to push back and are looking to sue the IT companies that supplied the technology that was hacked.
In January, we warned that we might see this shift. In our article "Why the Target Data Breach Ruling Matters for IT Contractors," we profiled how banks were suing Target to recoup their losses. Data breach costs are starting to roll downhill and IT contractors are more likely to see lawsuits.
Because of the way Errors and Omissions Insurance works, it's wise to have a policy in place as soon as you can. E&O can only cover a lawsuit if the work in question was performed while your policy was active. If you start an E&O policy today, it may cover your contracts going forward, but not those you've done in the past. In other words, because your IT liabilities just increased substantially, it's smart to review your risk management plan and make sure you have adequate E&O with third-party Cyber Liability coverage to help pay for lawsuits over data breaches on client networks.
