The Arizona Republic reports that Miguel Corzo, a community college IT employee who had been working in the district for 30 years, has been fired after his actions led to a data breach that has already cost $17 million in repairs and legal expenses.
2.4 million users' data (including social security numbers, banking information, and personal info) was exposed after an initial 2011 hack escalated because Corzo failed to take adequate steps to secure the database he administrated.
So far, the data breach costs stem from…
- $6.8 million to repair the breached IT.
- $10 million in legal expenses, remediation, and credit monitoring for affected users.
A class-action lawsuit is still underway, so these costs are only the beginning.
With a cyber attack costing the Maricopa County Community College District millions, you can see why organizations often search for someone to blame after a data breach. Had Corzo been an IT contractor or consultant hired by the university, however, he wouldn't just have been fired – he would have been sued for those losses.
IT Liability: Why Data Breaches Lead to Lawsuits against IT Contractors
As we saw in the example above, data breach costs add up quickly. The $17 million price tag of the data breach is likely only part of the total cost of the cyber attack. The community college district will likely suffer…
- PR losses. It may have to spend money on new advertising campaigns and efforts to rebuild its shattered reputation.
- Dropped enrollment figures. After this high-profile case, the district will be out even more money still.
These kinds of losses are shared by traditional businesses, too. Businesses may lose customers and suffer damages to their reputation after a breach. When you combine these losses with the cost to repair IT and hire lawyers, you can see why IT consultant liability can be measured in serious dollar signs.
IT Risk Management: How to Cover IT Consultant Liability
Professional Liability Insurance (aka Errors and Omissions Insurance) typically covers IT consultants for $1 million in third-party cyber liability and lawsuit expenses. These policies are adequate for many small-business owners and IT contractors. However, if you consult for larger organizations, you might need a policy with a larger limit.
Organizations with more data simply have more risk. Larger data breaches mean higher repair costs, legal expenses, and credit-monitoring costs. If you sign a contract with a larger organization, the agreement will probably stipulate that you have a certain amount of E&O Insurance. (For quotes on E&O for IT companies with a range of cyber liability, see cost estimates on IT insurance).
Why do clients want you to have insurance? If clients have to spend money on IT repairs and other costs after a data breach, they want to be able to recoup their losses. If your client thinks you are to blame for their losses, your Professional Liability Insurance can cover your legal expenses.
If you need a Professional Liability Insurance policy to sign a contract, submit an online insurance application, and our IT insurance agents can send quotes right to your inbox.
