Organizations that are breached are in an unusual position as both the victim of a crime and as a responsible party for the damages caused by the hacker. The legal exposure rises from the fact that either a regulator or a private litigant (or both) want to hold your company responsible for the crime that it suffered. In short, the corporate victim of the breach is often the one who bears the consequences of the damage.
Here are the three most common areas of corporate liability risks from security breaches.
1. Reasonable Security
The basis for this case is that you had a duty to have reasonable security in place to protect information. The argument is that your organization did not meet the duty to have reasonable security, which is a claim that is made most frequently.
2. Misleading Customers
The second area of liability comes from the allegation that you misled your customers about what your organization was doing from a security perspective. The idea here is that liability comes not from what you did, but rather what you said you would do from an information security perspective. So the compromise in security constitutes a breach of the contract between your company and its customers.
3. Delayed Notification
The third risk area comes from not notifying your customers about the breach that occurred as fast as you could have or should have.
- 5 Most Common Pre-Breach Cybersecurity Mistakes and How to Avoid Them
- Reducing Your Legal Exposure After a Cybersecurity Incident
Idenhaus was named one of the 10 Most Promising Identity Governance and Administration Consulting/Service Companies 2019 by CIO Review!
By going to work quickly to solve the most challenging cybersecurity and identity management problems, Idenhaus takes the pain out of securing corporate information and assets for companies that aspire to maximize their potential in this digital age. Click here to contact us