Broadly speaking, every business is at risk of a cyberattack. Whether it is ransomware locking down your servers, a data breach leaking client information, or an employee clicking a phishing link, there are a wide range of threats of a cyberattack. One key question this raises is: Who bears liability for such an attack?
The answer is not straightforward as liability for cybersecurity breaches can shift between vendors, employees, and third parties. This would, in turn, depend on the terms of the business’s contracts and its internal policies which is why businesses should never agree to boilerplate clauses from vendors without a detailed review and a deeper understanding of the legal implications of the relevant terms related to liability.