IT professionals – how to mitigate against heightened exposures following cyber attacks
A rise in claims against IT professionals has been observed in the wake of more frequent cyber breaches, leading to allegations of inadequate cyber resilience strategies and poor service quality.
Insurers tend to classify IT professionals as those who create, maintain, repair, and install software and hardware within organisations. It is quite a broad classification encompassing a range of businesses involved in fields such as cybersecurity, software or hardware development, data, telecommunications, consulting services, and emerging industries like artificial intelligence and food technology.
Industries such as construction and finance – among others – often rely on using IT systems and IT consultants/contractors for their daily operations (online bank accounts, cloud storage systems, construction technology, etc) and are especially susceptible to a range of cyber and technological threats that are both targeted and non-targeted. This requires IT professionals to be extra vigilant regarding cyber security and technology testing to avoid legal and financial risk.
- Criminal threats usually involve cyber breaches resulting in the theft, manipulation or ransom of finances, assets, or data from the business; other forms of criminal threats include physical security breaches or even staff deceitfulness.
- General threats include non-targeted aspects such as system failures, human error, natural disasters, or viruses.
For IT businesses to avoid these threats and ensure they are not put in financial turmoil through costly compensation and recuperation costs should a claim occur, they must proactively ensure that they have the appropriate security measures in place, coupled with effective cyber and technology resilience strategies.
- IT Liability insurance - generally provides cover for failure of IT related services and advice, any infringement on trademark, copywrite, or registered design, economic loss from errors or omissions, and personal injury and property damage.
- Cyber Liability insurance - provides cover for the expenses incurred after a cyber incident, where data may have been breached and intellectual property stolen or damaged.
Claims examples
- A software company was contracted to automate a business’s operations, which involved transferring their files and contacts onto a new system. Due to human error from one of the software developers, the businesses data was accidentally deleted during the transferring process, and the software company was sued. An IT liability policy would cover the damages expense in this claim.
- An IT security systems company was contracted to install a new security system (including cameras) and consult on how best to use IT to improve the overall secureness of a warehouse site. After a week, the owner of the warehouse discovered that it had been physically broken into; when he went to check the cameras footage, he discovered that the online data storage system had failed to save footage past the third day due to an inherent systems error. The claim brought against the IT security systems company would be covered by an ITL policy.
- A computer software development company designing a new product has a cyber breach, and losses much of its data. A cyber liability policy would cover the damages this would cause the business and help it recuperate for lost profits.
- A data services company is responsible for storing and safeguarding data for a range of companies on a cloud system. Due to poor cyber resilience, much of the data is stolen during a cyber breach, and a class-action ensued against the IT company because it failed to take certain basic preventative steps to protect the data. An ITL would cover these claims.
Risk management and cyber resilience strategies must also be used to better safeguard positive outcomes both for clients and IT professionals alike. Things such as multi-factor authentication for access into systems, regular data backups, cyber incident protocols and rigorous technology testing are all examples of approaches that can be taken to minimise a range of criminal and general IT threats.
For further information or advice relating to risk management for IT professionals, please contact us via the form below.
