Attorneys say the following scenarios are likely to result in lawsuits, which may not be covered by normal business insurance. A company’s best defense will be proof that it follows security best practices?from establishing an in-house security policy to testing how well those procedures actually work.
Breach of contract: When a business violates a nondisclosure agreement or fails to live up to a privacy statement made to customers.
Denial-of-service attacks: When a company with a legal obligation to keep its website up is hit by attacks that cause an outage or when a company plays an unwitting role in a denial-of-service attack launched on another company.
Malicious code: When a computer system transmits malicious code to another computer system, thereby causing damage and financial loss. This includes viruses or worms sent through e-mail.
Personal injury: When hackers steal or publish personal information. Customers could sue for damages under the same laws that allow injured customers to sue stores for not scraping the ice off their steps.
Inappropriate Web content: When information on a website violates a copyright or trademark or is libelous. American Insurance Group also has settled claims for policyholders whose websites were defaced by hackers.
Not protecting shareholder value: When a security breach results in a significant loss, either of money or customer confidence, causing the stock price to plummet.