Who to sue?

Recently word that a US casino was suing a cybersecurity company for failure to protect the assets of the casino. Writing for ‘The Hill’ Katie Williams writes: “Affinity Gaming hired Trustwave, a Chicago-based cybersecurity firm, to investigate and remedy a 2014 breach that compromised credit card information for around 300,000 customers”. Traditionally the stakeholder of an organization…in many cases the customers…lawyer up if there has been a breach and the PII of that customer has been stolen by hackers.


In this case, the organization is suing the cybersecurity firm for failure to protect the organization. This should serve as a reminder to everyone who has a vested interest in cybersecurity that security is a serious business and is a shared responsibility by all parties. Individuals need to protect and monitor their PII to ensure that it is being handled properly by those entrusted with it, as well as see to their own personal protection (ie…not spreading your PII all over social media, or keeping your system updated). Organizations need to exhibit due diligence in protecting data entrusted to them and adhering to best practices. They must also be very particular in what organization they contract with if they outsource their cybersecurity. Failure to do so will surely bring about the interest of the FTC. And obviously organizations that contract to protect the assets of a company need to be sure of their people, their knowledge and their ability to deliver the protection they assert they can.

Cybersecurity is a serious business and needs to treated as such. It is also a shared responsibility in which everyone involved with a particular digital system must perform to their utmost potential in the protection of the assets on that system.

Learn more about cyber liability and protecting businesses at the National Cybersecurity Institute.


Khandelwal, S. (2016, January 15). Casino Sues Cyber Security Company Over Failure to Stop Hackers. The Hacker News. Retrieved from http://thehackernews.com/2016/01/casino-hacker.html

Law.com (2016, January 19). Casino Sues Cybersecurity Firm for Woefully Inadequate Investigation. Retrieve from http://www.law.com/sites/articles/2016/01/19/casino-sues-cybersecurity-firm-for-woefully-inadequate-investigation/

Williams, K.B. (2016, January 18). Hacked Casino Sues Cybersecurity Firm. The Hill. Retrieved from http://thehill.com/policy/cybersecurity/266103-hacked-casino-sues-cybersecurity-firm