Understanding Cybersecurity Negligence
Negligent behavior will most likely NOT be covered by your insurer in the event you are taken to court. Every insurer uses its own description of negligent behavior. However, in terms of IT security, negligent behavior can be defined as not following industry-recognized best practices or failing to meet ALL compliance requirements. A single negligent breach can close your business forever, because liability insurance may not cover IT security-related negligence. The devastating effects of non-compliance with statutory, regulatory and contractual requirements can bankrupt a company.
An IT Security Program Is Meant To DECREASE LIABILITIES while at the same time IMPROVE EFFICIENCIES!
Avoiding Professional Negligence Is Good For Business! The goal of IT security documentation is to build an IT security program for your company that decreases liabilities, while at the same time improves operational efficiencies – this equates to bottom-line savings for your company!
#1 - If your company accepts credit cards, advises on financial matters, provides healthcare services, or maintains any sensitive Personally Identifiable Information (sPII) on clients or employees, then you are responsible for certain compliance requirements. These standards, dictated by the regulation or requirement, establish the objective benchmark for what “reasonably expected” IT security protections should be in place.
#2 - If your company does not meet the minimum standards of a compliance requirement, that deficiency is evidence of negligence. Negligence can be as simple as outdated antivirus software, weak passwords, unencrypted wireless, unpatched operating systems, or inadequate IT security documentation. Ignorance is not an excuse!
#3 - Negligence is demonstrated by a lack of documented due care and due diligence. If you are taken to court, a prosecuting attorney’s aim will likely be to prove negligence. Without documented due care and due diligence, negligence is easier to prove, and damages are more likely to be awarded to the plaintiff.
#4 - The ramifications of being “negligent” can be devastating for a company, since most insurance policies have a “negligence loophole” built in that precludes insurers from having to pay out. The bottom line is your company may have to pay all fines, damages, and legal fees on its own, without any insurance reimbursement.
A single negligent event can put a company out of business for good, since liability insurance may not cover professional negligence for IT security-related incidents. The simple rule of thumb is this: if you are not in compliance with what you are legally obligated to do, then you are professionally negligent.