The Expert Podcast

The losses from a cyber attack can spiral dramatically out of control beyond just the initial attack, and here's a perfect example of where they can continue to run up charges against you as a company for a cyber attack long after the fact. Rackspace, a major internet provider of hosting, was attacked, and the losses were initially tracked at a few million dollars. However, this happened on November 15th, 2022. In 2023, almost a year later, the costs continue to mount, soaring to nearly $12 million. Lawsuits and longtail costs What is a long-tail cost? A lot of times you'll find third-party liability that will creep up on you after the fact.

And an analysis of the financial disclosures from the company shows they continue to rack up expenses. It's kind of a good play on words because they have a lot of rack servers there. It started out as a $3 million event, and that was after a few months already, and then it went up because of remediation costs, legal fees, professional services, and third-party liability. We're going to talk about that here in a minute, how that can kick in, and the cost of this weathering may seem small for this company, but it's still going to make a big dent in not only their financial situation but the confidence that clients may have in that company.

Here's how third parties can kick in: Here's another one. This one is Stellantis, which builds Jeep, Chrysler, and Ram trucks. They had a supplier called Yinfang that had a cyber attack that disrupted the production of Stellantis. Those losses that Stellantis will experience are going to fall back on Yinfang. They're going to get sued. They're going to have third-party liability. Business insurance is taking note of this. They're increasingly telling contractors to be cyber-resilient because you could have liability if your attack against your company affects your vendors or your clients. You could be liable. Make sure you have insurance for it. Or, on the other hand, if somebody attacks another company that you do business with and it affects you, you could have liability. These liabilities, losses, damages, and perils could not be realized for months or sometimes years later. So, the cost can expand exponentially from the first date that it happened. And these domino effect costs are one of the reasons why 60% of small businesses fold after a cyberattack.

Right, so be aware of all the Domino effects upstream and downstream from your company. If you're a vendor and you sell stuff to somebody else, if you have a cyber attack against your company, that could create liability for you with your client, and vice versa, if you buy stuff from a company and they can't provide a product, you may have liability to them. So have third-party liability in mind when you're putting together your cyber security, cyber insurance, and cyber liability plans and strategies.