Do you or your IT administrator pay if a cybercrime attack is made against your company?

In summer 2024, a Dutch  court ruled that an IT administrator must pay €50,000 as part compensation for the losses his client suffered due to ransomware. The court case lasted several years and was not the first case about who is liable for damage caused by cybercrime.

Also your responsibility

What do these lawsuits mean for businesses? Your IT administrator is certainly not always solely responsible for damage caused by a cyber-attack. Suppose your IT administrator creates strong passwords for you, but you choose to simplify them. That simplification makes the system more vulnerable. In case of damage caused by a cyber-attack, you are partly responsible yourself. And you will probably have to pay some of the damage yourself

Tips on how to prevent damage

Do you want to prevent damage and lawsuits? There are a few things you should pay attention to:

Work with a good IT administrator

They should be able to configure a firewall, update systems, and arrange for robust backup facilities. Pay attention to this when you are entering into a collaboration. There is a seal of approval (in Dutch) for security companies providing certain services.

Put questions to your IT administrator

You hire someone because you do not have the expertise yourself. But some IT service providers do not take adequate measures while their customrs assume everything is fine. So keep asking critical questions: how will you handle my data? Where do you store my data? Who has access to it? Is my data encrypted, and if so, how? If your administrator cannot answer those questions, it would be better for you to find another one.

Follow the advice of your IT administrator

Do not play around with the security of your system. If you give too many people access or use insecure passwords, you weaken your own digital security.

Invest in quality

Good security costs time and money. There are the technical solutions themselves, but also, for example, insurance against cybercrime. 

Make clear agreements

This might seem obvious, but it is not always so, as was shown by research carried out in April 2020 by Stichting Internet Domeinregistratie Nederland (in Dutch). In almost a quarter of cases, business owners and IT administrators have not agreed on clear arrangements for security. Record what you have agreed in a service-level agreement (SLA, in Dutch). The clearer the agreements, the better. That way, if there is an attack or a data breach, you know exactly who is responsible.