Cyber Liability is a cutting edge area of the law that is constantly evolving, almost on a 6 to 12 month cycle. Cyber liability affects many industries, including:
The health care arena is dominated at the federal level by HIPAA, but is also impacted by state-specific statutes that mandate the timing and manner of notification to compromised individuals, as well as tort law.
The financial services industry, which includes retailer credit card breaches, has its own set of state and federal regulations, but is also impacted by tort law.
Law practice cyber security is a relatively new entry into the area, again subject to state codes and tort law.
Insurance coverage is available for cyber breaches of many varieties, but insurance defense is not on pace with the rapid development of claims – especially class action suits. Recent statistics indicate that 50% of class action suits settle for an average of $2,500 per class member and generate $1.2 million in legal fees for a class’s legal counsel. The law itself favors defendants, but the cost of litigation at this time is greater than the cost to settle in many instances and is pushing defendants toward settlement. That may not always be the case as insurers may push back and attempt to limit losses by aggressively defending or aggressively demanding more exclusions in policy terms, and finding ways to trigger those exclusions.
The cost of cyber breaches continues to escalate in terms of payouts to affected consumers for identify theft and identity recovery services, as well as damages for failure to notify of a breach, or timely notify. Large fines and penalties imposed by state and federal authorities are beginning to make headlines. In the health care arena, the Office of Civil Rights, Health and Human Services, recently entered into a stipulated agreement with a Columbia University and New York Presbyterian for $4.8 million after personally identifiable health information within the control of the two organizations was posted on the internet through human error.
If you are operating an industry in which you collect, store, transmit, or handle personally identifiable information, are you prepared for a cyber-breach? If you would like additional information on your company’s financial exposure and what you can do to limit damages if the likely event of a cyber-breach, contact the Goosmann Law Firm at info@goosmannlaw.com or call 605-371-2000.
Photo Copyright: pablocalvog / 123RF Stock Photo