This got me to thinking about what would happen in a similar situation if, for example, hackers used an insurance customer’s password to compromise an insurer’s systems, then stole valuable personal or financial information that was later sold or used in a criminal manner. Who is to blame then? Is it the insurer for not having adequate security safeguards on its networks; or is it the customer for not having enough security on his home or business computer? Where is King Solomon when we need him?
One would think that insurance companies would be in no hurry to sue their valued business customers, but on the other hand if the business loss were significant enough, maybe they would take a shot at blaming the victim. Such a case would be widely publicized, however, and I find it difficult to believe that an insurer would want to be seen as trying to foist blame on its own customers. If I were one of that insurer’s other customers, I would certainly be calling my broker or agent in a heartbeat to change carriers.
And what about insurers who include cyber-theft as part of their business interruption coverage? Might they be tempted to preemptively sue their customers who file claims, alleging that the theft took place because the customer didn’t have the latest security measures in place? It could happen, and that’s why the resolution of the Texas case could have repercussions far beyond the Lone Star State.
For the first time, it seems, courts are being asked to define exactly what constitutes adequate systems security. Yet I wonder whether most courts are equipped with the knowledge and expertise to make such a judgment—and how such judgments would hold up over time given the rapid advances in security technology.
It'll be interesting to see how this suit goes ...