The fallout from a cybersecurity breach

Suffering a cybersecurity breach is bad – obviously. It goes far beyond the IT department and affects every part of the business. Operations are disrupted, systems are shut down, and employees are unable to work. In addition to revenue loss, there’s potential ransomware payments, the expense of investigating, recovering and correcting what happened, customer notifications, and possible regulatory fines. Then there’s the hit to future business and brand reputation, and the threat of repeat attacks based on the hackers’ past success.

But wait – there’s more

Now, another new problem is rearing its ugly head – the lawsuit that follows. Data breach legal filings are becoming the mainstream tech version of the personal injury accident lawsuits. The “ambulance chasers” are becoming the “breach chasers.” Here are examples of what law firms are saying:

· A data breach is more than just an inconvenience; it’s a serious violation of your privacy and security… We understand that when a company’s negligence leads to a data breach, consumers deserve justice and compensation.

· If you have received a notice that your sensitive information was compromised, you are not powerless. Our experienced team is here to hold negligent corporations accountable and fight for the protection and compensation you deserve.

· When personal or financial data is exposed, companies often act quickly to limit liability. We dig into data breach records, security audits, and corporate practices to fight for full accountability.

· (We cover) identity theft, data breaches, ransomware attacks, or unauthorized collection or sharing of personal info. If your data was mishandled, we fight to hold the responsible parties to account.

· Data breaches can have far-reaching consequences, causing emotional distress, financial turmoil, and a profound invasion of privacy. If you or a loved one has fallen victim to a data breach, you need a skilled and compassionate attorney who will fight tirelessly on your behalf.

· (We) understand the profound impact that data breaches can have on individuals and families. We are committed to helping you navigate the complex legal landscape, seek justice, and pursue compensation for the harm you have suffered.

Firms can file individual or class action lawsuits alleging negligence or inadequate security. The compensation can include financial losses, identity theft prevention costs, emotional distress, and punitive damages. And, much like their auto lawsuit colleagues, these firms offer free consultations to go over potential claims and often work on a contingency fee basis.

What you can do – right now

The fact that personal injury lawyers (not “technology” lawyers) have jumped into this space reiterates the fact that cybersecurity is no longer a specialized IT issue – it’s a boardroom issue. It’s about understanding business risk, protecting what matters, and making strategic decisions about security investments. And while we’re not attorneys and we don’t give legal advice, a way to mitigate damages from any potential lawsuit is to show you took all the needed steps to try to prevent a breach in the first place.

Where’s a good place to start? Check your cybersecurity budget. Guardian CEO Chuck Smith hammers home an important fact in today’s cyber environment: “Approximately 80 percent of all cybersecurity spending goes to defensive and reactive measures like MDR (managed detection and response) rather than proactive protection. This trend leads to reliance on outdated technologies from 3rd party providers that primarily focus on responding to incidents rather than preventing them.”

Today, most companies have their cybersecurity investment upside down. They should be investing 60-70 percent in proactive defenses and 30-40 percent in reactive ones. By the time you’re reacting and responding, the breach has occurred, and the lawyers will be waiting.

In addition, especially for small- to medium-sized businesses, many states are passing laws that limit damages – especially punitive damages – when the SMB can show it met certain cybersecurity policies, procedures and requirements. It’s important to check the status of any such laws or proposals in your state and connect with your legislators with your concerns. A great example of limiting liability is Texas SB 2610, the state’s “Safe Harbor.”

In future posts, we’ll delve into recent notable breach lawsuits, including case names, what was alleged, outcomes, and what could have been done differently.

The Guardian difference

Defender and attacker – that’s how Guardian works. Our proactive red and reactive blue teams work together as one defense to hunt threats, identify gaps, and stop breaches before they start. We don’t replace your IT provider or MSP agreement; we work alongside them to provide what they can’t. Why? Because cybersecurity is a hard, ever-changing environment. And anyone who tells you it’s simple, or that they already have you covered as part of other managed services, doesn’t understand today’s high-level threat landscape. We do understand – and that’s the Guardian difference.