by Preston Gralla

Software Companies May Have to Accept Security Responsibility

Dec 01, 2001
Enterprise Applications

If you’re a glutton for punishment, you may have peered into the fine print on the licensing agreement that accompanies most software packages. The text isn’t for the weak of heart, but if you take the time to decipher it you’ll find a surprising statement at its core: in essence, the company you’re buying from is saying, “Nothing that goes wrong is our fault.” If you suffer problems as a result of a flaw in the program, you’re out of luck and can’t collect damages.

You’d be hard-pressed to find another industry that could get away with such a blanket statement (though you can bet that most would like to). Given the potential growth of cyberinsurance, however, can software companies get away with these statements forever, or will they be forced to change?

Lance Rose, a New York City lawyer who specializes in cyberlaw, believes that if cyberinsurance goes mainstream, such blame-proofing license agreements could become a thing of the past. He notes that a company could take out cyberinsurance and then suffer losses because of flaws in a software package. The damaged company could collect on its insurance policy, but if the losses were large enough, the insurance company might sue the software maker, and potentially win.

“Insurance companies will likely be a lot more aggressive than businesses in pursuing these kinds of claims because that’s the business they’re in,” Rose says.

If that started to happen, and if software companies started to lose suits, the clauses would become much less common because they’d be unenforceable, he adds.

Jay Hollander, an attorney specializing in computer and Internet law and principal of the New York City-based law firm Hollander and Co., believes that cyberinsurance could lead to changes in such restrictive clauses for big-ticket, customized software sales. But he isn’t sure that would be an improvement. Should today’s licenses become void, software makers might then add clauses requiring their customers to take out cyberinsurance, and that situation would also force the business to get an agreement from the insurance company not to sue the software company if there were ever a problem with the software. He notes that such agreements are common in commercial leases: landlords can make tenants take out property insurance and, at the same time, require that the tenant obtain a waiver saying that the insurance company can’t sue the landlord.

If that analogy holds, cyberinsurance could ultimately make software companies less vulnerable, not more.