Governance & Risk Management , Incident & Breach Response , Managed Detection & Response (MDR)
Why Cyber-Insurers Will Demand Better InfoSecAttorney Describes Pressures to Reduce Risk
As more mega-breaches occur, cyber-insurers will more closely assess the security risks of potential clients, leading more organizations to improve their information security programs, attorney John Yanchunis predicts.
"When companies are unable to get insurance ... you're going to see companies adopting better security systems," says Yanchunis of the Florida-based law firm Morgan & Morgan, who's representing consumers in several breach-related lawsuits. Those cases include one of the class action suits filed against Premera Blue Cross in the wake of a hacking incident that affected 11 million individuals.
As cyber-insurance companies send in assessors to get a better look at a potential client's security risks, "and they come up with things that are short or need to be improved, companies will move toward improving their security system," he says.
The threat of class-action lawsuits related to data breaches should also be a catalyst for organizations to get their security acts together, the attorney argues.
"When there are security breaches, where companies have failed to comply with [industry best] practices - otherwise known as negligence - then you have lawsuits," he says. "Companies tend to want to prevent that from occurring, so they're going to adopt better security measures. It's a constant thing. As technology develops, and thieves get better at what they do, companies are going to have to continue making improvements. The cyber-insurance market is going to have a big impact on that as we move forward."
In the interview, Yanchunis also discusses:
- Who's a bigger security threat - insiders or hackers;
- Why so many class action lawsuits related to recent data breaches are being filed so quickly after the incidents are revealed;
- Why many breach-related suits get consolidated by the courts, and why he expects more plaintiffs to win judgments.
Yanchunis leads the National Consumer Class Action and False Claims Act sections of Morgan & Morgan's complex litigation group. For the past 19 years, he's represented consumers in privacy rights and data breach cases. Yanchunis serves on the executive committee overseeing the consumer class, bank class and shareholder derivative litigation against Target.