Cyber liability is the risk posed by conducting business over the Internet, over other networks or using electronic storage technology. Insurance can be bought and “risk based” security strategies can be used to mitigate against both the first- and third-party risks caused by cyber liability.
A “first party” cyber liability occurs when your own information is breached. For example, a hack that results in the exposure of your own trade secrets would create a first party cyber liability.
A “third party” cyber liability occurs when customer or partner information your organization has promised to keep safe is breached. For example, a hack that results in the exposure of your customer’s Social Security numbers would create a third party cyber liability.
Companies have compelling reasons to avoid both types of cyber liability, but third party cyber liabilities can be devastating. First party cyber liabilities threaten a company’s competitiveness, but third party cyber liabilities often ruin brands, open the door to million-dollar lawsuits and trigger statutory fines (e.g., HIPAA HITECH’s $50,000 per-incident “willful neglect” fine).
File transfer technology frequently transmits information whose disclosure would lead to first- or third-party cyber liabilities.
BEST PRACTICE: File transfer technology, policy and procedure decisions should be made under the auspices of a risk-based security strategy that takes into account both first- and third-party cyber liabilities.