America has become a very litigious society. “So, sue me!” used to be a joke line. Now it’s not funny anymore. Cybersecurity breaches have real costs; they always have had real costs. Now that our collective awareness of these costs has been heightened, the scramble to pinpoint, blame, and punish the source of the cost has shifted. But rather than pursue and prosecute bad actors it appears easier to go after U.S.-based entities. If getting money is the goal, how much easier if both parties answer to the same sovereign legal system? Someone’s cybersecurity failed. You lost money because of it. Who should pay for your losses after a hack?
Cybersecurity Lapses By Major Companies Are Now Leading To Class-Action Lawsuits
The recent hack of Colonial Pipeline is a good example. The illegal capture of their computer systems caused a cascade of problems, not the least of which was fueling stations running out of gas. This situation lasted for a few weeks. Several small gas stations that also include convenience stores took a double hit on revenue. With no gas to sell, no one was coming inside for drinks and snacks. One claimant stated he had not seen his customers for over a month. For some, their regulars did not return after the no-gas crisis had passed. They are suing Colonial Pipeline over these lost sales, citing lax security by the corporation. Another lawsuit seeks damages for consumers who had to pay higher gas prices.
Is It A Case Of “Means Well” vs. “Does Well?”
I still field questions from business owners like “no, seriously—how much should I be spending on cybersecurity?” Sadly, the answer to that question must now be based on how much you can afford to lose in a lawsuit. I fear the rise in lawsuits can mean organizations that are hacked will now be liable for all kinds of damages beyond what is being paid out now. Until recently, the expectations were that people who had their data stolen would be reimbursed for their greater risk of identity theft and/or credit card fraud—not for the loss of projected livelihood. Risk management is now broader and deeper for e-commerce. I’m pretty sure no one in my generation studied that in college or graduate school. It’s a burden for well-meaning, hardworking local businesses.
Cybersecurity Can Be Explained—Always Be Learning!
I will never recommend just throwing money in the direction of a solution. For anything. And while cyber trends cannot be exactly predicted, I do know that in the Managed Service Provider profession, we are always learning. We look at what just happened, and we try to see where and how some new activity can go from there. We focus on recovery. We look for new preventions. That is the main reason most MSPs have had to expand from just the mechanical wizardry of business networks to include employee training as well. It only takes one of your company computer users clicking on a fake link or downloading a questionable attachment to open the door for hackers to invade an otherwise secure system.
Learn Your Technology So You Don’t Fear Legal Entanglements
Liability is always an issue in business, but you can work with your IT management company to understand how to cover your assets. You put the biggest picture together, one segment at a time. Then you are that much better prepared in case of a breach.
Ask questions. Call Aptica and ask more questions. We know a lot about cybersecurity and employee training. We can help you get started if you need to upgrade.
Jason Newburg, 260.243.5100, ext 2101, is the founder and owner of Aptica LLC. This IT management and support company has been serving small to medium-sized businesses for 19 years in the region that includes Angola, South Bend, and Fort Wayne, IN, Battle Creek, MI, and Toledo OH.