Partner Hermès Marangos comments in Insurance Post’s article on the British Airways data breach as the first major case since the General Data Protection Regulation became law.
Hermès’ comments were published in Insurance Post, 8 January 2019. The full article can be found here.
In September 2018, BA issued a statement confirming that 380,000 payment card details had been compromised between 21 August and 5 September.
The market response to the announcement was swift and punishing – the share price of BA’s parent company, IAG, slumped 4% the following day. To add to the company’s woes, on the 10 September, the UK arm of an American legal firm, Sanders Phillips Grossman, announced it was bringing a £500m group action against BA for the company’s failure to “offer financial compensation to individuals affected by the data breach for the inconvenience, distress and misuse of their private information”.
“One of the biggest issues is that the criminals and individuals involved in this kind of hacking are basically relying on companies not taking proper steps in running their businesses,” says Hermes Marangos, a partner at Signature Litigation.
He argues that from an insurance perspective, not protecting the digital assets of your business is equivalent to the impact that leaving windows and doors open would have on a home contents policy.
“As an insurer you wouldn’t want to let people be cavalier with the security of their business,” he says. But he questions, in a world that is seemingly hooked on the outsourcing of IT: “Who is liable if the software has not been updated properly? It could be the supplier [rather than the main company].”