I.T. Litigation: Courts Make Users Liable for Security Glitches

By Scott Berinato

Sun, February 01, 2004CIO It used to be that the rules of the game made suing a vendor for a security breach a losing proposition. It was easier to settle a dispute for less, or to take an insurance payout and move on.

No more. Because of changes in the insurance business and some recent court decisions, it looks like this is going to be the year to watch for computer security lawsuits.

The tipping point came in October 2001. That was when, looking at huge payouts post-9/11 and no end to the super-viruses (such as I Love You and Nimda), the Hartford Insurance Co. removed computer damages from its commercial general liability plans. Other insurers followed suit. In 2002, as computer damages from major viruses intensified, agencies such as the National Institute of Standards and Technology were establishing rules and standards for software security?and security breach victims started to view the problem as one of negligence instead of liability.

"This is really a wave-of-the-future-type trend," notes Bill Cook, a partner at Wildman, Harrold, Allen & Dixon in Chicago. (For more about how CIOs can avoid costly litigation, see "You Sue, You Lose?The High Cost of Litigation," Page 40.)

The decisions in this new wave of cases are sure to create new legal precedents that will go a long way to directing the security and quality of software for the future. In an essay on the topic, Cook highlights several recent cases he expects to shape future software security rulings. Here are three big ones:

n Worm attacks and similar misdeeds are predictable when it comes to computer systems attacks. That’s the reading from the Maine Public Utilities Commission v. Verizon case.

After the Slammer virus a year ago, Verizon asked for a refund from the money it pays Maine’s utility commission for using its infrastructure. The refund would cover the time Verizon was unexpectedly down due to Slammer, and hence not using the network. Maine pushed back, saying that since Verizon hadn’t implemented the Slammer patch, and the company didn’t deserve a waiver. (Maine also noted AT&T and WorldCom had no problems with Slammer.)

In April 2003, the judge sided with Maine, saying that sophisticated worm attacks are foreseeable even if you can’t control them. Verizon didn’t get its refund.

n The courts can step in to determine security procedures. That’s what a government agency learned in Cobell v. Norton. In this case against the Department of the Interior over unpaid benefits to American Indians, the department’s computer security (and resulting website outage) became a major issue.

Loading...
Security MarketSpace
White Papers
Cost Effective Data Loss Prevention
Learn how Data Loss Prevention technologies can in fact be deployed in a cost effective manner. Learn more »
Data Loss Prevention and Enterprise Rights Management
Enterprise Management Associates highlights the complementary values of Data Loss Prevention and Enterprise Rights Management as a strategic approach to information risk control. Learn more »
Eliminate the Impact of Distance
Learn how to be prepared to adapt your environment in a way that supports distributed employees, anytime anywhere collaboration and the need for business continuity during a disaster. Learn more »
Webcasts
Maximizing the Business Value of the PC Infrastructure
Reduced IT budgets have CIOs hunting for ways to maximize their PC infrastructure, while saving money and IT staff time. Diane Bryant, CIO of Intel Corp., talks with CIO magazine's Gary Beach about how her organization is addressing these challenges. Learn more »
Accelerate Your Virtual Environment
Rapid Replication for Virtual Servers Learn more »
 
SPONSORED LINKS
 

Data Loss Prevention: A Better Way to Approach Security

Stop Application Fraud at the Source with Device Reputation

Ready to Act: 3 Recommendations for Agile Processes

Automating the Generation and Secure Distribution of Excel Reports

Seven Ways ITIL Can Help You in an Economic Downturn

Maximizing the Business Value of the PC Infrastructure

Learn how to managing client systems in the enterprise.

Cloud Computing: Read about VMware's compelling vision & set of products

Enterprise PBX Buyer's Guide

Secondary Market Primer: Your Network at Half Price

Top-line Performance that's Bottom-line Efficient

Accenture: Outsourcing for uncertain times. Click to learn more.

Learn about the VMware vSphere (TM) & Intel (R) Xeon (R) Processor 5500 Series

Learn how a virtualized enterprise can help your company reduce costs

Why Isn't Server Virtualization Saving Us More?

8 Key Ingredients to Building an Internal Cloud

Data Center Optimization: Three Key Strategies

A CIO Executive Guide: Cloud Computing Looms Big on the Horizon

Oracle WebLogic Server Technical Demo

Data Grids and Service-Oriented Architecture

Achieving the Impossible: Unlimited Application Scalability

A Middleware Foundation for Application Grid

Tips for successful virtualization management.

Smart Decisions: The Role of Key Performance Indicators

Introducing the new HP ProLiant G6 server family

Losing Ground: 2009 TMT Global Security Survey

Software Executives: Take Control of Your Organization's Code Quality

Delivering Secure and Reliable Data through Spreadsheet Automation

Taking the Service Desk to the Next Level

Why Data Loss is Increasing--and What You Can Do About It

Communications and Collaboration Needs at Business Organizations

Using Open Source to Deploy Web Applications

Mid-Sized Company CIO Community: infoBOOM!

Enterprise PBX Comparison Guide

Getting Value from Outdated Networking Equipment

Accenture IT Consulting: Logical meets technological. More . . .

White Paper: 8 Key Ingredients to Building an Internal Cloud

Read about virtualization and consolidation effort best practices

Building the Virtualized Enterprise with VMware Infrastructure

Top 10 Business and IT Drivers for the Wealth Management Sector

Bottom-Line Benefits of Virtualization

White Paper: The Building Blocks for Cloud Computing

Oracle's Application Grid Technical Demo

Next-Generation Application Servers and Infrastructure

Application Infrastructure at Enterprise Organizations

Achieving Business Agility with Application Grid

Learn about The Information Technology Infrastructure Library.

Achieving Pervasive Performance Management

Gartner Shares Predictions for 2009

Accenture IT Consulting: Enabling high performance. More...

 
 
RESOURCE CENTER