Data Breach Liability: Is Your Company to Blame?

As a business, failing to test your systems for security flaws through security assessments or having a security professional hack your network to find vulnerabilities leaves your ‘Open’ sign on all day and night for cyber criminals who are after your most precious resource – your data. Something as simple as using the same password for multiple accounts can lead to the loss of a wealth of data and an embarrassing and expensive recovery process.

While there may not be an automatic liability for your business if a breach occurs, there are some steps that can be taken against your company if you are the subject of a data breach lawsuit.

First and foremost is negligence. Simply, what would a reasonable person or company do to lessen the chance of a data breach? Did your business take steps to shore up holes or vulnerabilities? Is your company aligned with best practices in the industry? If your company is found to be grossly under-prepared for a breach, some financial responsibility will be pinned to you.

Another avenue of finding fault for your company is in your breach response. Did your company do enough to stop the breach once it was found; did you quickly notify affected parties of the breach; did you immediately begin an investigation to find and incorporate remediation steps?

Businesses can face backlash from government agencies, heavy fines, and legal action following a breach.

For businesses that collect and store data, living with the expectation that someone is always trying to hack your systems will help maintain an edge against cyber attacks. There is no way to be totally immune from a cyber attack, but having a solid cyber security plan and incident response guidelines in place can help to reduce the impact on your business.

Many businesses employ third-party vendors to perform services, which increases breach risk due to the unknown element of the outsiders’ security policies and practices.

It is often a business norm for a third-party vendor to support core business functions and to have access to your data and internal systems.

While it may be the norm, it is still inherently unsafe as 63% of all data breaches can be linked to third-party access.

Using a third-party vendor may be critical to your business operations, but doing so without vetting their security posture can lead your business down a troubled path.

A security assessment can help give you peace of mind about your business’ own security posture and making an assessment a frequently required piece of each vendor contract you have in place will help to secure your operations from the ground up.

In many instances, a security assessment should be part of your vetting process when selecting a vendor to work with your business. When it comes to cybersecurity, there is no such thing as being too cautious.

Archetype SC’s SRVA is a great starting point to determine your current security posture, find vulnerabilities, and create a remediation plan to protect your business.

Additional steps, including employee training and security process updates, can help lessen the likelihood of an attack by educating your resources on what to look out for and the proper steps to take if they recognize a cyber attack.