Our (Digital Trust) quest for errors and omissions insurance has led me to discover that many of the people I’ve worked with in the past, or hired for penetration testing services, did not have adequate insurance. Given the current climate of massive compromises by hackers, it seems more obvious now that E&O insurance for security professionals is a requirement, not an option. So when you’re hiring security assessors who are going to have access to your network, or who will draft documents concerning your network security, make sure they have acceptable levels of E&O insurance.
This matters because documents detailing your security holes, or worse, data discovered during testing, like passwords, will be wandering around on someone else’s laptop, or shooting across the Internet. If those security folks make a mistake, it could cost your company big time. If you can’t get compensation out of the security company, your company eats all the expense, and your insurance company drops you. Nobody needs that. So check that your business associates are insured before you need to rely on it.
This blog and its contents copyright 2009 Digital Trust, LLC. Republication of this post is permitted provided it is strictly on internal corporate messaging systems. Any public republication or reuse is forbidden if the Digital Trust name is removed.