Software Maker Liability Is Elusive Target of Biden Cyber Plan [View all]

Source: Bloomberg Law

President Joe Biden’s push to put software vendors on the hook for cyberattacks is a significant strategy shift for an industry that has largely escaped legal liability after high-profile hacks. Data breach victims typically focus lawsuits against the primary party responsible for their personal information, and most cybersecurity software vendors are able to minimize any liability through contractual clauses, attorneys say.

Biden, in a new national cybersecurity strategy issued Thursday, proposed federal legislation that would limit contract protections and raise security standards for vendors operating in high-risk areas like critical infrastructure.

The White House didn’t propose any specific provisions for a bill. A divided Congress is unlikely to send a measure to his desk any time soon that would empower lawsuits against software companies. For now, those companies will still be able to employ a variety of tools to fend off such litigation.

Still, the strategy is a fresh look at who should be held most responsible for cyber incidents, said David Straite, a partner practicing in privacy and cybersecurity for DiCello Levitt LLC. “We can no longer say that it’s even possible for small actors, small banks, or small businesses and those sized companies to be able to protect your data. They’re going to use software and other devices,” Straite said.

Read more: https://news.bloomberglaw.com/tech-and-telecom-law/software-maker-liability-is-elusive-target-of-biden-cyber-plan