We’re getting closer to a tipping point where organizations are going to have to prove conclusively to their customers, lenders, investors, shareholders that they are doing everything they can to secure their sensitive systems/data.
A federal judge recently rejected Target’s bid to dismiss lawsuits by financial institutions that claim Target had played a “key role” in allowing its computer systems to be compromised.
Apparently, Target had installed a $1.6 million advance breach detection systems from FireEye but failed to heed the alarms until after debit/credit card info of 40 million customers and personal info of 110 million customers was stolen.
What this means is that banks can go after merchants if they can prove the merchant was negligent in securing its systems.In the past, liability for breaches was governed by a complex series of agreements between merchants, payment processors and credit card companies.
Separately, consumers are pursuing class-action suits against Target.
If these bank and consumer class-action lawsuits are adjudicated for the plaintiffs, any organization that has its customers/employees/vendors sensitive data compromised could be subject to costly legal action.
And certainly the cost of that legal action will be far greater than the implementation and proper monitoring of security technology.