Your browser (Internet Explorer 7 or lower) is out of date. It has known security flaws and may not display all features of this and other websites. Learn how to update your browser.


Navigate / search

Cyber Liability: Understanding Third-Party Exposure Risks

By Dan Hanson

May 6, 2013

Failing to protect the confidential information of others creates many exposures to your business. At a high level these exposures can be broken down into third-party exposures and first-party costs to your business.

The third-party exposure is easier to understand. If you fail to protect the confidential information of others (e.g., credit card number, social security number, etc.) and it results in financial damages to that party, they can bring suit against you to make them whole. The cost to defend—and ultimately pay for— these matters can be enormous. An example would be Heartland Payment Systems. Their 2008 data breach has cost the company more than $100 million.

We will spend more time on first party costs in future articles, but there can be a multitude of potential first-party costs to your organization, including:

  • Notification expenses
  • Public Relations expenses
  • Business interruption
  • Credit monitoring
  • Regulatory defense

Due to statutory laws in 46 states, these are expenses your organization would incur even if your failure to protect the confidential information of others did not result in any financial damages to that third party.