CIO - It used to be that the rules of the game made suing a vendor for a security breach a losing proposition. It was easier to settle a dispute for less, or to take an insurance payout and move on.
No more. Because of changes in the insurance business and some recent court decisions, it looks like this is going to be the year to watch for computer security lawsuits.
The tipping point came in October 2001. That was when, looking at huge payouts post-9/11 and no end to the super-viruses (such as I Love You and Nimda), the Hartford Insurance Co. removed computer damages from its commercial general liability plans. Other insurers followed suit. In 2002, as computer damages from major viruses intensified, agencies such as the National Institute of Standards and Technology were establishing rules and standards for software security -- and security breach victims started to view the problem as one of negligence instead of liability.
"This is really a wave-of-the-future-type trend," notes Bill Cook, a partner at law firm Wildman, Harrold, Allen & Dixon in Chicago.
The decisions in this new wave of cases are sure to create new legal precedents that will go a long way to directing the security and quality of software for the future. In an essay on the topic, Cook highlights several recent cases he expects to shape future software security rulings. Here are three big ones:
No. 1: Worm attacks and similar misdeeds are predictable when it comes to computer systems attacks. That's the reading from the Maine Public Utilities Commission v. Verizon case.
After the Slammer virus a year ago, Verizon Communications Inc. asked for a refund from the money it pays Maine's utility commission for using its infrastructure. The refund would cover the time Verizon was unexpectedly down due to Slammer, and hence not using the network. Maine pushed back, saying that since Verizon hadn't implemented the Slammer patch, the company didn't deserve a waiver. (Maine also noted AT&T Corp. and WorldCom Inc. had no problems with Slammer.)
In April 2003, the judge sided with Maine, saying that sophisticated worm attacks are foreseeable even if you can't control them. Verizon didn't get its refund.
No. 2: The courts can step in to determine security procedures. That's what a government agency learned in Cobell v. Norton. In this case against the U.S. Department of the Interior over unpaid benefits to American Indians, the department's computer security (and resulting Web site outage) became a major issue (see story).
The judge in the case was so miffed at the Interior Department's
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts