In our recent article about phishing liability prevention we touched on the concept of corporate responsibility, suggesting that in order to mitigate liability risk, businesses would need to take a more proactive role in keeping the public (their customers) safe from cyber crime. Today we’re going to dig even deeper, tagging upper level executives as the ones to bear the greatest burden in the eyes of the consumer, and quite possibly claims court too.
3 Things Executives Need to Know About Their New Role in Cyber Crime Liability Prevention
1. You Can’t Blame the “IT Guy” Anymore
In the past, executives relied heavily on IT personnel (internal or outsourced) to keep up to date on cyber crime initiatives. When an attack occurred, fingers would get pointed and IT heads would roll, resulting in high turnover rates at that level while company figureheads maintained course, focused solely on revenue growth. Fast forward to 2019 and you’ll find that the days of putting the blame on the IT guy/gal are gone.
You see, with cyber security concerns making headlines across the province, country, continent and world on a daily basis, ignorance is no longer a valid plea. Consumers have long asked that executives take responsibility for anything that can negatively impact them, but now IT staff is also calling on their CEOs and COOs to do the same. Company directors are more aware of cyber threats than ever before, and this knowledge creates a whole new level of liability risk. Canadian Underwriter reports that corporate boards could be named liable if it could be proven that there was a failure to exercise due diligence and governance when it comes to policies and procedures surrounding cyber risk.
2. Compliance Has Thrust Company Directors Into the Spotlight
2018 changed the data privacy compliance game forever.
It all started when the EU enacted the General Data Protection Regulation (GDPR), declaring that the export of personal data outside the EU (British Columbia included) falls under their law regarding data privacy for its citizens. If your BC business counts just one EU citizen in it’s customer/client database, you fall under GDPR law, along with the financial penalties that may come from failure to comply. Then, in November the Privacy Commissioner of Canada enacted an addendum to Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA). The PIPEDA update demands that your business must report all breaches of security safeguards involving personal information that pose a real risk of significant harm to individuals to the Privacy Commissioner, and to the individuals who may have been impacted in those breaches.
These corporate compliance updates have thrust company directors into the spotlight, given that a company can no longer keep hacks of any size in the shadows and whispers of the organization. Every incident will make headlines, whether on a local or national scale, and executives will be expected to speak up, and will invariably be expected by both governing bodies and the public to take on a bigger role in cyber crime awareness and prevention.
3. Cyber Crime Insurance is No Longer a Luxury
While cyber crime insurance coverage should never have been considered a “nice to have”, that thought process no longer holds any weight. This is because not only is there a hard cost associated with post-attack IT damage control, there is now a higher level of liability risk to the company and it’s board of directors. Are you prepared for claims against the company and against the board for a breach of fiduciary duties? What about fines from GDPR and PIPEDA? At the moment, probably not, which is why you need to reassess both your cyber crime coverage and directors and officers liability insurance.
Not only should you secure the necessary coverage, you should encourage vendors and partners to do the same as somewhere in the supply chain is a third party weak link that may put the data of customers/clients at risk. Yes indeed, no one is removed from responsibility when it comes to cyber crime in 2019 and beyond.
Speak to an independent broker at Park Insurance to make sure you’re covered today.