Of course, you do have to subscribe to RSS feeds to be at risk but any old RSS feed can be a threat, regardless of the content source. This means any online publisher, not just bloggers, utilizing RSS feeds can be at risk for infecting their customers. If the malicious code enters the RSS feed from the publisher’s site (e.g. the code is added into the comments feature of a blog entry and the publisher doesn’t prevent it), then those harmed by the code may seek to hold the publisher responsible for financial losses resulting from the hacker’s attack. If the malicious code enters the RSS feeds from a mailing list or other third party source, the online publisher may not be responsible for its customers’ financial losses but can still incur defense costs to determine where responsibility lies.
Securing insurance coverage for “failure to prevent introduction of malicious code” (or similar language) is one solution for protecting against this new security threat. Ask your underwriter to endorse this protection onto your client’s media liability policy if the standard form doesn’t already contain such language. Some companies may not offer security protection for their media insureds as readily as they do for their internet or tech insureds. But clearly they should. For more on security threats and coverages, review the Security section of our blog.