- Privacy Risk Report - https://privacyriskreport.com -

Expert Witness Testimony Must Be Accounted for While Valuing Damages in Cyber Cases

Although cyber litigation is still evolving, there has been little opportunity to consider the value of expert witnesses and consultants in these cases. However, as we begin to see more claims and litigation, there will be no question that expert witness testimony and consultation will play a larger role in cyber security. Consequently, the evidentiary weight given to expert witness testimony and credibility related to cyber litigation will be a growing concern.

In particular, forensic accountants are expected to be called upon to quantify any alleged economic damages caused by a cyber incident. In the whitepaper, “How Forensic Accountants Help In Cyber Breach Cases [1],” published by the accounting firm HSNO, it states that a forensic accountant may look at documents including, but are not limited to: historical company performance, financial statements, forecasts or projections, interviews with company management, a review of the types of data lost or accessed and a review of laws and obligations following a breach.

In another recent report, “A Guide To Calculating Business Interruption Losses Related To Standalone Cyber Policies [2],” HSNO addresses considerations to measure Business Interruption (BI) damages related to cyber incidents. In its report, HSNO defines BI as the amount equal to “the loss of net income plus continuing costs not earned.” In measuring BI, the HSNO whitepaper states its experience has indicated that “the top three measurement issues between claimed and calculated BI issues in order of frequency are: sales projections, period of indemnity and saved costs-ordinary payroll” for forensic accountants. The whitepaper analyzes measures for BI claims in the context of cyber claims in the following manner:

At present, studies have found that BI related to cyber incidents is a top concern [3], considering the potential for lost revenue caused by ransomware or some other cyber incident [4]. As a result, expert opinions and testimony related to BI will become imperative for cyber claims in the near future.

It has been clear for some time that insurers, brokers, underwriters and policyholders all need to work together in order to get the full value out of cyber insurance. In the same manner, insurers, counsel and experts will need to coordinate efforts in order to properly value damages related to a cyber claim. While cyber incidents may cause damage differently than traditional perils, such as a hurricane, in the end, the BI damages will be calculated in the same manner.