Liability is increasing slowly for cyber-exposed companies. We're in an exploratory court phase as litigants try different things. For a while, we'll see these filings in USA courts, which won't get far ... but then one will find the formula, and a company will be hit by a huge judgement.
"The US Department of Defense has been hit with a $4.9 billion (£3.1 billion) lawsuit over a recently disclosed data breach involving TRICARE , a healthcare system for active and retired military personnel and their families."
Meanwhile, pressure for breach disclosure increases. Now the SEC is in on the act:
"The SEC guidance clarifies a long-standing requirement that companies report 'material' developments, or matters significant enough that an investor would want to know about them. The guidance spells out that cyberattacks are no exception.For example, the SEC says, a company probably will need to report on costs and consequences of material intrusions in which customer data are compromised. The company's revenue could suffer, and it could be forced to spend money to beef up security or fight lawsuits. In addition, if a company is vulnerable to cyberattack, investors may need to be informed of the risk, the SEC said."
This is also a first step that has increasing and more costly ramifications. May as well get used to it: disclosure will be part of the future. Liabilities are coming.
Perhaps the great age of software freedom is coming to an end, in more ways than one?
Posted by iang at October 18, 2011 10:43 AM | TrackBack