McGowanPRO Professional Liability Blog / Resources / Articles

Security Breach Claims

Posted by Jared Rabin on Wed, Oct 27, 2010 @ 12:40 PM

describe the imageBreakdown of Cyber Claims*:

  • System Glitch 36%
  • Negligence  40%
  • Malicious/criminal  24%

Interesting that 76% of the time, claims are not the result of hackers, or other criminal activity.

The following claims samples are actual stories from our experience.  No names or personal information is included.

1. Daylight robbery!

A CPA client had a laptop taken by a stranger who walked into the accountant’s office, grabbed the laptop and took off. The stranger was captured on security cameras and was well known to the local police. The laptop contained personal and confidential information on three banking clients. Police reports were filed and the client even attempted a sting operation trying to lure the criminal to sell the laptop through Craigslist.

Finally, a “no questions asked” reward was posted, but the laptop was gone.

The police do not believe that the CPA firm was targeted and most likely the laptop was pawned shortly afterwards. The CPA firm did not believe any sensitive information was compromised but did have to notify three banking clients of the potential security breach.

The banks were also forced to send letters to their clients warning them of the potential identity theft dangers.

The banks advised the CPA firm that any costs associated with the mailing of letters should be reimbursed by our firm. A claim’s file was established with the carrier and attorney appointed to represent our CPA client.

The cost to the CPA firm was $101,000. The firm absorded a $25,000 deductible as well a significant amount of non-billable time to bring this to a closure.

What steps could have been used to possibly prevent this claim.

  • Laptops should be locked to a desk or other larger object to avoid the random quick theft. Locks are available resembling a bicycle lock that can secure the laptop to a desk. This will not stop a thieve from cutting the lock; however, it will make it less likely that it can be stolen in a grab and run theft.
  • Laptops should be both encrypted for logging in and access to the harddrives.
  • Consider purchasing a stolen laptop tracking device, like LOJACK, that installs an external program designed to erase all data in the event it is stolen.
  • Only use laptops to access a server never store personal or confidential information, instead use the laptop as a portal to see but not store information.