Criminal cyber gangs, hackers and internal employee theft threats are understandably the focus of risk managers seeking to address online perils. After all, international banking funds have been stolen with a few keystrokes, hackers have managed to blow up a pipeline, and election systems across the globe are targeted with growing frequency by a host of shadowy figures with unsettling resources, including foreign government backing. This year, cybersecurity spending is expected to rise across the board for many companies, spanning various industries. The bulk of this spending is expected to be focused on thwarting the growing scourge of malware attacks. But malware, funds theft, data hacks and disruption attacks do not comprise the full spectrum of online risks. Today, many cyberrisks are of the less exotic variety and do not necessarily implicate the presence of a criminal. Liability often involves pedestrian errors, software glitches, and inattention to handling data safely. Such inattention can violate the law under new regulatory schemes.
DATA PROTECTION LIABILITY
Lawmakers and regulators are increasingly mandating that sound protocols be followed concerning the collection, hosting and transmission of data. The well-publicized GDPR and California’s enactment of the CCPA epitomize efforts to put consumers, patients and online users in a position of data privacy, data safety and data control. Twice last year, GDPR fines in the nine figures were sought against international companies based upon inadequate security procedures that allowed access and misuse to data. But unauthorized access is not the only potential regulatory exposure. Another international tech company was fined for non-GDPR compliant…..