The Expert Podcast

Wow, cyber liability is really creating some damage to the finances of companies and individuals. It's racking up costs across the board, and this is a landmark case. This SolarWinds company had a cyber event that was a hacking event, and the Securities and Exchange Commission (SEC) is suing the company. But also, they're suing directly one of their executives. The SEC filed a lawsuit against SolarWinds and its Chief Information Security Officer. They call it a bomb going off for people working in that industry. It's the first time the SEC has called out an individual from a company.

So, you want to make sure you understand your personal liability as a cybersecurity person in a company, whether you're an executive officer or maybe even an IT person. One thing is clear, according to the article: executives are now faced with unprecedented liability risks, prompting the need for legal exposure for security executives. How do you do it? Well, obviously, you can get good legal advice, maybe insurance policies, and it mentions that in the article. The solutions they give are: yes, get good legal advice, establish connections with law enforcement, make sure you're adopting best practices, and do insurance—directors and officers insurance but also cyber liability insurance because that may cover it as well. Make sure that you're not just flying blind and trusting your IT department, because if something happens, you might be on the hook. You're not even immune if you're an attorney. Here's a law firm that actually handles data breaches. They were hit by a data breach. This is one of the largest data breaches. Consulting legal advisers had their own firm hit by a data breach. I wonder what the lawsuits will be.

How big are these awards? Well, in this case, there was a cyberattack that they had to settle for a $1.4 billion Merc pharmaceutical company. So, we're talking big numbers. We're talking about creeping liability, and we're talking about nobody being safe if law firms can get hit by it. And this Merk case goes back to 2017, six, seven years ago, so it can have a long tail of consequences for your company. Make sure you're aware of this risk and this liability. Don't sweep it under the rug. It's more of a risk than some other types of things you might be familiar with, like fire in your business, slips and falls, and workman's compensation. You want to make sure that you're considering cyber liability in your risk profile for your company and even for your executives.