How Can a Cyberattack Lead to Business Litigation?
It is hard to watch the news for any length of time without hearing about the latest “hack” or some other form of cyberattack. Security has and will continue to become more of an issue as the economy becomes increasingly digitized. The rise of “cloud computing” and other digital storage means that sensitive information is increasingly being stored on a computer at your business or on a remote server. Unfortunately, many do not think of the potential liability that this creates until it is too late. If your business suffers from a data breach, then you may face liability from both your customers as well as third parties. It is important that you be proactive in order to limit your exposure to such liability. This article will discuss the types of problems which can arise from a cyber breach and how you can take steps to protect your business. If you are in need of help, then contact us today to speak with a New Jersey commercial litigation attorney.
Litigation that stems from a cyberattack often revolves around:
- Identity theft and financial fraud stemming from the breach
- Disruptions in a customer’s operations
- Liability to third parties who were harmed by the breach
- Violations of specific laws (such as HIPPA)
Such instances can lead to a customer bringing suit against your business after their identity or financial information was used by a perpetrator or sold on the black market. Also, if your customer’s business was disrupted by the breach, then they will likely seek damages against you for lost profits. If your customers are sued by their clientele due to the breach, then your customer will likely seek indemnity from you. Finally, additional causes of action can be brought in conjunction with a negligence claim if the breach means that specific privacy laws were violated. Now let’s look at specific examples of these scenarios as well as steps you can take to protect yourself.
Cyberattacks Can Result In Litigation
Identity and financial theft stemming from the breach
Storing sensitive customer details can mean that you face liability for negligence (in addition to other causes of action) if such information gets “out in the open.” Suppose, for example, you keep the social security number and bank account information of a customer on file as part of your normal course of business. If that information is made public due to your negligence, then your customer can potentially bring a lawsuit against you for damage to their credit, their financial standing, as well as other harm they may suffer.
Your customer’s business can be disrupted due to a data breach at your company
Your customers may face severe damages if you fail to properly secure data related to the running of their business. Suppose, for example, that your customer’s business bank account is looted due to a breach at your company. Your customer is then unable to acquire inventory or make payroll. This can lead to their business losing substantial profits, if not going bankrupt. In such a scenario, your customer may be able to bring a case not just for what was taken from their bank accounts but for all future lost profits.
Third parties who were harmed by a data breach may potentially bring a cause of action
There are many instances where a third party may be able to bring a claim against your company for a data breach. These include instances in which you store information for a customer which, itself, contains a third-party’s data. An example of this may include an accountant who provides payroll services to a company. This means that, in addition to having the company’s information, the accountant will have the social security numbers of the company’s employees. If a cyberattack results in the employees being damaged then they will likely sue their employer. The employer, in turn, may seek “indemnity” against the accountant.
Specific privacy protections may be violated due to a cyberattack
Most cyberattacks can result in claims of negligence against the party who suffers the breach. In many instances, however, additional causes of action may be brought if specific privacy protections were violated. These can include instances where a breach resulted in the disclosure of information protected by the Health Insurance Portability and Accountability Act (HIPAA) or information protected by a privilege (such as those which exist between an attorney and their client).
Steps a Business Can Take To Avoid a Cyberattack and Prevent Litigation
The above discussion shows just a few examples of how a cyberattack can lead to business litigation. The steps below are some of the measures you can take to protect yourself against such situations.
Have strong security measures in place
Cybersecurity is drastically lacking in many businesses. It may be a worthwhile investment to hire a consultant to help you improve your security procedures. Examples of policies they may implement can include utilizing two-factor authentication on all email accounts, barring the use of repetitive or common passwords, and limiting data access to only those who need it.
Disclose a data breach as soon as it occurs
In the event that your business is the victim of a data breach, it is vital that you disclose it to the affected parties as soon as possible. Many businesses make the mistake of not disclosing a cyberattack immediately. This can result in the affected parties not taking immediate steps to protect their information and, as a result, the damages of these parties may increase.
Consult with an attorney to ensure that you are taking steps to limit liability
Consulting with an attorney can help you to draft employee and customer agreements which may help to limit your liability in the event of a data breach. Such agreements can dictate what type of information should or should not be stored on a network. They can also dictate security procedures that individuals are required to follow.
Contact a New Jersey Business Dispute Attorney if You Have Been the Victim of a Cyberattack or You Wish To Prevent Liability
If you need assistance with developing security-related contracts and agreements, or if you have been the victim of a cyberattack, then contact us today to speak with a New Jersey business dispute attorney. Daniel P. Silberstein has served our area for more than two decades. Contact our Cranford office online or by telephone today. In addition to all of Union County, we help companies throughout the broader area, including those in Elizabeth, Newark, etc.