Why a Cyber-Breach is An Extinction Level Event, Part IV

If you'd like to discuss risk mitigation for your company, please use this link to make an appointment.

Throughout this series, I have argued that a cyber-breach is an "extinction-level" event, meaning its occurrence will ultimately lead to bankruptcy.  This post will explain why.

Two service professions -- doctors and lawyers -- have  a duty of confidentiality. It's breach has severe consequences.  For a lawyer, it can cause disbarment; for a doctor, it can lead to a malpractice claim.

The absence of a professional duty of confidentiality does not immunize a profession from liability in the event of an unauthorized disclosure.  Many service relationships involve a non-disclosure agreement (if an agreement is not in place, it should be).  There are also several torts available in the event of a data breach, including negligence (the firm had a duty to safeguard confidential data and did not do so), public disclosure of private facts, or breach of contract.

Imagine a data breach occurs at a service firm that holds the confidential data of 100 clients.  50 client records are released in the breach.  The firm may now face 50 lawsuits involving some of the above mentioned causes of action.  While the firm would be able to survive one, the more people who sue, the greater the possibility of a bankruptcy.