Take a minute to think about the kind of data you personally send across the Internet. When you order a new book through Amazon.com, your credit card information is transmitted. You download a new app through your phone and a third party accesses more financial data. Occasionally, you may need to provide your Social Security Number, date of birth, or other personal information to access your bank account or other online service.
Now, think about the work of an IT professional. They construct the infrastructure that stores, catalogues, or transmits a client's customer data. Every transaction that occurs, even if it's not online and only a credit card swipe at the grocery store, creates a little bit of data. In one way or another, you're involved with that data.
Cyber Liability is the risk you take as an IT professional. Let's say a client is hacked. How did it happen? In order for cyber criminals to access your clients' data, they will have to go through a piece of software or device that you recommended or designed for your client. When a crime like this happens, you can be sued.
Identity Theft: A Cyber Liability Nightmare
Arstechnica recently profiled how a group of cyber criminals were able to steal the identities of almost 4 million consumers. Cyber criminals hacked three major businesses that keep private data: LexisNexis, Dun & Bradstreet, and Kroll Background America / HireRight (an employment screening company).
This is exactly the kind of nightmare scenario you want to avoid. When hackers steal private data like SSNs, bank account numbers, credit card information, or dates of birth, they can use it to commit identity theft and steal money.
When your client suffers a data breach like this, they may go through an expensive process of contacting their customers about the breach, paying to monitor for credit fraud, and dealing with a huge loss of public trust.
The costs of a data breach can be overwhelming for your clients and they can sue you for damages. The Ponemon Institute, a major data security research organization, estimates that the cost of a data breach is about $188 per stolen record. With 4 million records compromised in this recent data breach, the total cost would be around $752 million. Gulp.
Data Risk Management
Your business probably isn't as large as LexisNexis. While you may not have billions of dollars of data, you still face the same liabilities. Cyber risk management is one way you can cut down on the chances of a lawsuit. Here are some examples…
- Avoid data loss. Whether it's through cloud-based storage or a network-attached storage device, it’s vital to make sure you continually back up your data.
- Know the disadvantages of cloud computing. While cloud computing is becoming more and more popular, there are still significant concerns. Cloud companies could go bankrupt and lose your data. In addition, your client may have privacy concerns when they hand over a bunch of private data to a cloud-based company. Know what your client wants and provide the right solution.
- Invest in IT insurance. Cyber Risk Insurance and Errors and Omissions Insurance cost far less than a lawsuit. By purchasing these policies, IT professionals invest in protection from unexpected legal costs.
The Growing Need for Cyber Liability Insurance
Data Breaches are becoming more and more common, so much so that Forbes Magazine anticipates that Cyber Liability Insurance will become nearly universal in the next few years.
In the article "Do You Really Need Cyber Liability Insurance," Forbes Magazine author Raj Sabhloksays Cyber Liability Insurance is "destined to become part of business liability coverage soon, and customers, suppliers, boards and investors will insist that you have the appropriate amount to do business."
Forbes recognizes, as many other tech-business experts have, that Cyber Liability is an unavoidable part of doing business in IT industries. Any business connected to the Internet faces cyber risks. But IT businesses are especially susceptible because they are responsible for the software and infrastructure that manage private data. As you plan your finances and look to mitigate your risk, consider the potential cost-savings that insurance can offer.
(For a more specific breakdown of the types of cyber liability you face, read our article "Third Party vs. First Party Cyber Risk Insurance").