Protect Your Customers From Cyber Liability Risks

Does your company have sufficient data protection for sensitive customer information? If not, you can be held liable for cyber damages or for simply putting your customers in harm's way, according to the US Consumer Financial Protection Bureau (CFPB). In this episode, we'll discuss what it means to have insufficient data protection, the steps to take to ensure your customers' information is kept secure, and how a cyber liability insurance plan can help cover the cost of cyber losses.

…Here's another reason why you might want to look very seriously at cyber liability insurance. The Consumer Finance Protection Bureau, arm of the federal government, has promulgated new clarification of the rules about liability for being hacked. In fact, it says that financial institutions and their service providers can be held liable for maintaining insufficient data protection or for information security.

So, for example, if your company gets hacked, and the fraudster, the hacker, gets your entire customer list, maybe with addresses, emails, Social Security numbers, credit card numbers, maybe even driver's license copies, and that information goes out into the dark web, you could be held liable as a company for not maintaining…sufficient data protection.

Well, what does that mean? Well, that's very subjective. The fact that the data was stolen probably indicates that you didn't have sufficient data protection. That's it right there. So now you're on the hook: whatever losses, damages, fines, expenses, penalties you have to pay. So you might want to look at a cyber liability policy that pays those. Not every policy pays those expenses, so you want to make sure that if that's the kind of coverage you want, that that's what you're getting from your insurance provider, because not every…cyber policy is going to pay those fines. You want to get one that pays those if that's what you're looking for. Might cost a little more.

At the same time, that cyber policy will probably also have requirements that you have to follow to keep the policy in force that will keep this from happening. It will make sure that it monitors your network and your best practices, so that you're less likely to have this type of event hit your company. So here's the official wording from the Consumer Finance Protection Bureau. It was issued August 11th of this year. The circular came out that says: insufficient data protection or security for sensitive customer information.

Question: can entities violate the prohibition on unfair acts when they have insufficient data protection? So, the…Consumer Financial Protection Act, CFPA, says that it's an unfair act or practice if you do certain things. Well, now they've included insufficient data protection in that. Answer: yes. In addition to other federal laws…Gramm-Leach-Bliley Act. CPF. Inadequate security for sensitive customer information can constitute an unfair practice in violation of US code. And it has the number…

How big of a deal is that? While these requirements often overlap, they are not coextensive, meaning that they…Can I hit you both. Acts or practices are unfair when they cause or are likely to cause substantial injury that is not reasonably avoidable. Reasonably avoidable: that's your key right there. So if you take reasonable efforts to avoid it, this might give you a little bit of a reprieve from the penalties.

How do you reasonably avoid it? Well, if you have best practices. What are those best practices? How do you know that your practices are the best practices that are reasonable? Well, if you are a client of a cyber liability company and they tell you what are the best practices in the industry, you might be able to use that as a defense against these claims. Remember, we're not attorneys; we're not giving you legal advice. You want to get that from a licensed, qualified attorney, not an insurance agent.

But here are some examples: inadequate authentication, inadequate password management, software update policies. Are you updating your software? Practices are likely to cause substantial injury to consumers. It's not avoidable by consumers. The consumer can't avoid the loss. Once they give you the information, they're trusting your company's going to keep that information safe.

And if you don't take reasonable care, that could be not just a violation but an unfair business practice. What they're going to say is you used this lackadaisical business practice to be at an advantage over your competition. Right? If you're not taking the time and care and effort to pay attention to your customer data, now you have an advantage in the marketplace. It's unfair because everybody else has to do it and you don't. That puts you at an advantage, which isn't fair. And they repeat it again: CFPA defines an unfair act as an act or practice that causes or is likely to cause substantial injury, which is not reasonably avoidable and not outweighed by countervailing benefits to consumers or competition. This is something to be very, very aware of. Your company more than likely collects consumer information. Almost every company does. And if you have it in your possession, you retain it, you're responsible for it. Now it's on you.

So make sure that, however you're doing it, you execute best practices in your industry, and you get external…feedback on what those practices are, whether it's from an insurance company, from a tech company, from an attorney, to make sure that your practices are not accidentally putting your customers at risk. And it doesn't have to be big volume. A practice causes substantial injury when it causes significant harm to a few customers or a small amount of harm to many customers. Right?

So if you have a thousand customers that are slightly inconvenienced, that could be substantial injury. If you have two customers that are devastated, that could be substantial injury. So you can't get out of this by just saying, well, they didn't have that much damage done to them. They just have to freeze their credit for a month, or they had to maybe get a new credit card number. Well, if it happens to 10,000 customers or a thousand customers, that could be substantial injury. Or you might say, well, it only happened to two customers. Well, if they, you know, they couldn't get a mortgage because their credit score was ruined, that could be substantial injury.

Here's where it gets worse. Actual injury is not required to satisfy this prong in every case; a significant risk of harm is also sufficient. Think about that. You don't actually have to have customers that are harmed, but just that are at risk of harm. "Likely to cause" is the key. If what you're doing makes the customer likely to have harm done to them, you could be in trouble. So make sure you're aware of this. Take whatever action you think is appropriate in your company.

And these Consumer Financial Protection circulars are issued to all parties with authority to enforce federal consumer financial law. So…this is enforced, a law. This isn't just an administrative thing. It's a very serious governmental oversight, and sometimes it doesn't happen directly. Sometimes they may find out from a customer; they may find out because they're looking into something else in your company.

So you want to make sure you have best practices. A couple of recommended ways of doing it: get good legal advice. Get a very good cyber liability insurance partner that can tell you best practices and put them in place, and have coverage if, God forbid, something happens, because if something does happen…even if you can say or try a defense that says, look, I use best practices, I try to avoid this…it's up to…the enforcer or judge, jury to say whether you did or not.

So you want to have coverage just in case things don't go the way you thought they were, because things change over time. What you think is best practice today could be…very negligent three years from now. So having good coverage could be important, or getting good technical advice from a qualified tech company that knows what they're talking about, but just make sure they have insurance too.
