BT21503 BUSINESS

ETHICS
Faculty of Business, Economics and Accountancy,
UMS
GROUP PROJECT
(30%)
ETHICS IN THE VIRTUAL
WORLD

INSTRUCTIONS:
1.
2.

Fill in Section (A) and read Section (B)

Place this form in front of your report/document for submission

Section (A)
Group Member (10 students are allowed NOT MORE NOT LESS)
1. Ruhadznilmy Eldika Fadriz bin
2. Mohd ShahMersing
Reizal bin Ambran
3. Muhammad Asis bin Lasemman
4. Mohd Marzuki bin Mohd Azhar
5. Muhammad Nasrul bin Alwi
6. Alvin bin Paun
7. Abu Hasan bin Hj. Maidi
8. Mohd Faizal bin Mahsud
9. He Chuan
10. Zhang Jing Yao

Matric No:
1. BB13110503
2. BB13161011
3. BB13161110
4. BB13161103
5. BB13110320
6. BB13110016
7. BB13161086
8. BB13110289
9. BB13170731
10. BB13170684

Section (B)
Assignment Requirement:
1.
2.

Discuss vicarious liability and cyber-liability.

Develop guidelines on managing cyber-liability for university students in general.

Assignment Output:
1.
2.

Essay for question (1) (2500 word maximum)

2-Page guidelines (maximum) for question (2)

Reminder: Essay and guidelines must be professionally written i.e. format and language/grammar.
Referencing is the utmost important. Students are strongly recommended to read on how to reference
sources where Harvard style is highly recommended. Improper referencing will be penalised 20% of
total given marks. A total absence of referencing will results in the report being rejected. Plagirised
essay will be failed.
Any documents (journal articles, newspapers clippings, reports etc.) used must be compiled as
an appendix. Students are required to upload one softcopy in the Smart2 UMS. No hardcopy
is required.
For ofice use only:
ITEMS
Content
Consistency
In-Depth
Creativity
Originality
TOTAL
GRADE
Important Notes:
Date of issue: Week 1 (08.09.2015)
(28.10.15) by 4PM

MARKS
/20
/20
/20
/20
/20
/100

Date of submission: Week 8

Penalty for late submission: 10% deduction from TOTAL GIVEN MARKS, and 5% for every extra week
after date of submission.
There is no re-submission for this assignment.

Pengiran Bagul, A. UMS (2015)

Page 1

1.0 Introduction: Vicarious Liability and Cyber-Liability

i)

Vicarious Liability
Vicarious liability can be defined as a situation where the third

party is

liable to the unlawful act taken by the first party towards

the second party (TheFreeDictionary.com, 2015). However, the third

party is only

liable to the first partys actions if they have a

legal relationship. Some

examples of legal relationship include

parent and child, husband and

wife,

employee. This essay focuses on vicarious

and

employer

liability

in

and
the

employer and employee perspective. This essay also elaborates the

factors leading to and efects of vicarious liability, and

the

steps that can be practiced by the actors to reduce the risks of

vicarious liability.
ii)

Cyber-Liability
In this modern era, being digital is a way of life and

convenience for almost every company and its customers. In the

blink of an eye, we

can get online to check our bank account

balance, pay our bills and

buy almost anything from anywhere

around the world. However, we

threat of using the cyber

cannot refuse the fact that the

technology in our lives. The digital

world is very dangerous. What is

cyber-liability? According to File

Transfer Consulting (2013), cyber- liability is the risk posed by

conducting business over the Internet, over

other

using electronic storage technology. Insurance can

networks

or

be bought and

risk-based security strategies can be used to militate

against

both the first and third party risks caused by cyber-liability. The

financial impact of cyber privacy and security threats to

businesses,

customers and in turn brands and reputations can

be severe and long

lasting. As a result, cyber-liability insurance

has become a critical

component of any risk management and

insurance program.
1.1

Factors Causing Vicarious Liability and Cyber-Liability

i)

Vicarious Liability
The concept of vicarious liability usually applies to employer

liability for the actions of their employees.

factors that cause

There are several

vicarious liability.

One of the factors that can cause vicarious liability is when

employees

acts that harm the third party were in the scope

of employment. Reiner H. Kraakman (1999) has said that principles

are jointly and

severely liable for the wrongs committed within

the scope of

employment by agents whose behavior they have

the legal right to control (p.669). Based on this factor, the third
party can transfer the

liability for any compensation from the

employees to the employer due

to the wrong act done by the

employees as long as it is in the scope of employment.

Another factor that can cause vicarious liability is when the
employer

had

inherent

According to Kraakman

authority
(1999),

to

control
vicarious

increasingly likely to be efficient as principal

the

employee.

liability

is

have greater ability

to monitor or otherwise control agent risk-taking

(p.670).

Any

act that causes any harm to the third party made by the
employees during work hours will lead the employer to
become liable

for any vicarious liability that is put by the third

party upon the

employer.

The third factor that can lead to vicarious liability is when

employers are accountable for unforeseeable actions made by their
employees in

certain circumstances such as the employee

bringing in profit for the

employer through their unforeseeable

act, so the employer should be

responsible for any losses too.

However, in some circumstances, the

company will not be liable

for the vicarious liability if there is an

agreement made between

the principal and the employees that state

the employees will

bear full personal liability for business torts on both

incentive

risk bearing grounds. According to Kraakman (1999), by

and

doing

this, it may actually decrease the safety by lowering the

expected liability of agents for their own negligence (p.672).
ii)

Cyber-Liability
All educational institutions have a variety of exposure

channels that

constitute their overall risk profile. There are

several factors that cause

cyber-liability. It includes the scope of

network operations in which higher education institutions configure

network system to allow for

multiple points of access. Outsourced

information technology (IT)

entities and other service providers

may also have direct access to the education

network, thus, exposing personal information

organizations
and

data

additional parties. According to Sarah Stephens (2008),

to

some

larger universities may have multiple departments that are not

managed by the central IT, has little connectivity to the
master

network, proprietary systems, and abide by loosely

defined privacy and

security practices, which increase the risks

to the parent organization.

Apart from that, Internet usage and social networking is one of
the

factors

that

cause

cyber-liability.

Social

sites

such

as

Facebook, Twitter, FourSquare, and LinkedIn allow students to

share personal

information in a more publicly accessible way than

ever before. Many

of the risks inherent in student, specifically

in student-athlete, social

media

reputational to them. Meanwhile, most

use

are

considered

universities

as
have

incorporated the use of social networking sites into

their students

code of conduct, with some even monitor students

postings.

Though, institutions walk a fine line when they begin monitoring

online behavior, since doing so may create a duty of care to
protect

students

(Shannon Fort,

from

dangerous

or

criminal

behavior

2008).

1.2

Effects of Vicarious Liability and Cyber-Liability

i)

Vicarious Liability
There are several efects of vicarious liability. First, vicarious

liability

distorts organizations decisions on how to structure

their agency

relationships,

incentives to hire agents

as

providing

them

independent

problem with this though, leads to organizations

their agents risk-taking decisions such
monitoring agents behavior

as

with

excessive

contractors.
that

The

can

afect

controlling

or

only when agents are

to be insolvent (Epstein & Sykes, 2001). Furthermore,

deemed
vicarious

liability deters principals from any control or authority over agents

even when otherwise would be in their best interests to do so,
and when its impact on organizational form, vicarious liability
can be

much worse than an agent-only liability regime.

Next, according to Brock, C., and Blackwell, vicarious liability

is
thinly

considered as inefficient because it encourages firms to hire

capitalized independent contractors, as this can reduce

their expected
employee agents.

liability through the use of judgement-proof non-

Lastly, the negative impact of agent-only liability is when the

defenders of vicarious liability do not provide adequate incentives
for independent contractors.

Some

organizations

may

even

encourage their agents to

take excessive risks whenever they

benefit from their agents.

Unfortunately, the incurred costs fall

on third parties all the time.

ii)

Cyber-Liability
There are many efects of cyber-liability used by any trader

who runs

their

business.

Cyber

criminals

could

exploit

this

increase in interconnectivity. Estimates suggested as many as a

trillion devices

could be connected by 2020. New technologies

create new vulnerabilities. Businesses are driven by real time data

that any

interruption towards the process chain, even for a

minute, could cause

a severe business interruption, impacting

the balance sheet.

As technology evolves, the device could last longer and may
also have

an impact, mainly when its excessive dependence on

unsupported

software

Individuals have been using

and

operating

system

up-to-date.

cyberspace for personal use surfing

the Internet. Besides that, the

use of outsourced services and

storage such as the cloud brings

impact, as well as benefits. The

prospect of a catastrophic cyber loss is

becoming more likely an

attack resulting in a huge data loss and the

subsequent

reputational damage could put a large corporation out of

in the future.

business

The negative impact of cyber-liability can also happen

unnoticed

through the global diplomacy between countries. For

example, Border Gateway Protocol (BGP) or Domain Name System

(DNS) as a successful attack on the core infrastructure can be
devastating. The main

impact

involving force or utility

of

cyber

attacks

or

incidents

companies can result in significant

disruption, physical damage, even loss of lives in the future. On the

other hand, cyber war between two

countries

Internet services throughout the world. The

could

disrupt

importance

of

protecting critical infrastructure is expected to see

governments

becoming increasingly involved in cyber safety, causing

levels

of

research

and

liabilities

(Allianz

Group

greater
Economic

Research, 2014).
1.3

Steps to Minimize Vicarious Liability and Cyber-Liability

i)

Vicarious Liability
There are numerous steps to minimize vicarious liability risks.

The first

step is to appreciate that the risk of liability for

unauthorized activities is real, and bigger than might be assumed

(Fasken Martineau Institute,

2013).

Fasken Martineau Institute (2013) added:

All employers should be aware of what employees are up to
and

establish systems to recognize any unusual activities done by

them.

Preventative steps such as using special marks on the

goods, which

makes it difficult for employees to copy the

products, are unneccesary

and considers insurance as the best

tool for security. (p.10)

According to Phillips and Cooper (2003) as cited by Bertra
(2003),

when

contemplating

hiring

any

new

employee,

employers should make

sure that the references in potential

employees resumes are

meticulously

reference(s) obtained is not positive,

verified.

If

the

employers should not hire

the prospective employees. Criminal record

checks on potential

employees should be administered specifically to

those

in

charge of handling of clients money, or making phone calls

with minors and other vulnerable clients. Employers should
also hire

accountants or auditors to detect and ward of any

illegal behavior
of money.

done by employees entrusted with large amount

Nonetheless, employees should be informed regarding

these random

checks beforehand.

Steven Wan (2010) believes that employers should create

actual and legal

control

inappropriate behavior,

prongs,

which

aware

that

received will be investigated thoroughly and

the police if the complaints lead to dire
to

distinguish

any

out

between

complaints

will be reported to

consequences.

to Wan (2010), actual control requires third

able

spell

guarantee that the system is in place

and that all employees are fully

practically

clearly

According

parties

to

infringing

and

be
non-

infringing conduct, and requires more than the potential right

to cease

all activities undiferentiated from the infringement, the

right to

terminate other activities, or the efective ability to

terminate only after

infringement

however, requires no more

is

evident.

Legal

control,

than the contractual ability to restrict

all activities. (p.75-76)

ii)

Cyber-Liability
Honig Conte Porrino (2015) has summarised the following

steps to

reduce cyber liability exposure:

Purchase adequate cyber liability insurance coverage as it

helps

individuals meet those obligations financially, while also

helping in

terms of costs of litigation relating to the breach event.

This protects

not only individuals business assets, but also

personal assets from

judgements (up to the policy limit).

Upgrade to a commercial-grade router as it provides a well

worth of

investment and the peace of mind.

Perform a thorough analysis of security systems and protocols

and

determine if there are any weaknesses. If deficiencies are

found, make

improvements.

Train employees on proper security measures.

Hire a cyber risk expert to the board of directors to ensure a
holistic

approach to risk management within a company and

can monitor the

1.4

use of formal procedures to control data security.

Conclusion
In conclusion, in the perspective of employer and employee
relationship about the vicarious liability, the employer is more
concerned about the problems rather than their employees.

This is

because in most cases regarding vicarious liability, the

employees are

the ones who cause trouble and their employer is

the one who is liable

and has to pay costs. Sometimes, the

compensation demanded by the

victim exceeds the actual losses.

This makes the employers or the

company to sufer a financial

loss. Negligence in controlling their employees is the major reason

they are involved in vicarious liability.

Thus,

take precaution steps in order to avoid these

employers
kinds

Last but not least, it is impossible for companies to

of

should

problems.

sneak

away

from vicarious liability, but reducing the risk such as delegating

their employees properly is recommended.

We can never run away from any threat in this world. The
cyber

world is very dangerous nowadays full of threat. It is up

to us to avoid

and protect ourselves from the vicious world of

Internet. Protecting it

is

never-ending

always be striving to stay one

process.

Villains

will

step ahead of those whou would

thwart their malicious actions. Cyber-

liability insurance is still a

new territory and tends to be approached

with

hesitancy

even a bit of skepticism (Leavitt Group News & Publications,

2015). The point is real, and it afects both large

and

companies. It is no longer safe in the cyber world as every

company in this world are doing everything they can to

or

March
small
single

protect

their information regarding assets, mainly from a technology

perspective.

2.0

Guidelines

University

on

Managing

Cyber-Liability

Among

Students

Network is made up of nodes and connections, linking to one

another.

In Mathematic terms, the network is a kind of figure. In

the field of computer, network transmits, receives, and shares

virtual information

to realize the sharing of resources. Network

is the most important

invention

in

the

history

of

mankind,

improving the technology and the development of human society.

Todays technology driven world has increase risks associated
with doing business online and storing sensitive data on paper and
electronically. This has spawned the need for social workers
and other
instance, in

healthcare professionals to shift the risk to insurers. For

2005, fewer than 30% of businesses surveyed by

the FBI had cyber-

liability

coverage.

Today,

over

60%

of

businesses have some sort of

cyber-liability.

their own cyber-liability issues, so do

Everyone

has

students in universities.

Below is the guideline for university students to alleviate

cyber-liability
a)

risks:

Stop spreading rumors

Network belongs to everyone, and students should be
responsible in protecting the network environment by
discouraging any rotten, low-level, destructive, and

random

b)

rumors as it can cause panic.

Stop plagiarism
Students should be conscious or fully aware that

plagiarism is a

crime; crime towards the university and to

yourself. Finding answers

for

homework is easy as pie

answers without fully

your

exam

nowadays,

but

questions
getting

or

those

understanding it does not give you

any benefits as well.

c)

Stop spreading vulgar-content items

At present diversified trend of network, bad information

has

been publicized in social media mostly by university

students;

violent

videos,

inapproriate literatures,

erotic
etc.

that

immoral contents. Students need to

pictures,

fake

and

contain

vulgar

control

themselves

not to participate these kinds of activities.

or

References:
1. Allianz Global Corporate & Specialty (2014). A Guide to Cyber
Risk: Managing the Impact of Increasing Interconnectivity.
[Online]

Available

from:

https://www.allianz.com/v_1441789023000/media/press/documen
t/Allianz_Global_Corporate_Specialty_Cyber_Guide_final.pdf
[Accessed 22 October 2015].
2. AON Risk Services (2008). Cyber Liability & Higher Education Aon
Professional Risk Solutions White Paper. [Online] Available from:
http://www.aon.com/about-aon/intellectualcapital/attachments/riskservices/cyber_liability_higher_education.pdf

[Accessed

22

October 2015].
3. Arlen, J., & MacLeod, W., B. (2005). Beyond Master-Servant: A
Critique of Vicarious Liability. USC Law and Economics Research
Paper

No.

04-28,

14-24.

[Online]

Available

from:

http://weblaw.usc.edu/centers/class/class-workshops/usc-legalstudies-working-papers/documents/04_28_paper.pdf

[Accessed

21 October 2015].
4. Bertra, J. (2003). Employer Liability for the Wrongful Acts of its
Employees, McCarthy Tetrault, 1-5. [Online] Available from:
www.mccarthy.ca/pubs/Wrongful_Acts.pdf [Accessed 20 October
2015].
5. Brock, C., & Blackwell. Vicarious Liability in the Non-Profit Sector.
[Online]

Available

from:

www.casselbrock.com/files/docs/parks_vicariousliability.pdf
[Accessed 20 October 2015].
6. Fasken Martineau Institute

(2013).

Vicarious

Liability

for

Employees: Legal and Risk Management Considerations. [Online]

Available

from:

http://www.fasken.com/files/Event/64e79902-

2f88-4030-a48b1e4582bdfa66/Presentation/EventAttachment/c9059383-45de4864-a6f0-97b5e906295f/4%20Toronto_Symposium__May_23__2013_-_Presentation_2_1__Vicarious_Liability_for_Employee_Activ.pdf [Accessed 19 October

2015].
7. File Transfer Consulting, LLC. (2013). What is Cyber Liability?
[Online]

Available

from:

http://www.filetransferglossary.com/cyber-liability/

[Accessed 21

October 2015].
8. Honig Conte Porrino Insurance Agency Inc. (2015). 5 Ways to
Reduce

Cyber

Liability

Exposure.

[Online]

Available

from:

http://honigconte.com/ways-to-reduce-cyber-liability-exposure/
[Accessed 23 October 2015].
9. James, F., Jr. (1954). Vicarious Liability. Faculty Scholarship Series.
[Online]

Available

from:

http://digitalcommons.law.yale.edu

[Accessed 23 October 2015].

10. Kraakman, R., H. (1999). Vicarious and Corporate Civil
Liability,

669-673.

[Online]

Available

from:

http://encyclo.findlaw.com/3400book.pdf [Accessed 20 October

2015].

11.

Leavitt Group News & Publications (2015). The Case for Cyber

Liability

Insurance.

[Online]

Available

from:

https://news.leavitt.com/publications/the-case-for-cyber-liabilityinsurance/ [Accessed 21 October 2015].

12. NASW Assurance Services. Malpractice. [Online] Available
from: http://www.naswassurance.org/malpractice [Accessed 23
October 2015].
13. OMICS International. Vicarious Liability. [Online] Available
from: http://research.omicsgroup.org/index.php/Vicarious_liability
[Accessed 23 October 2015].
14. TheFreeDictionary.com (2015). Vicarious Liability. [Online]
Available

from:

http://legal-

dictionary.thefreedictionary.com/Vicarious+Liability [Accessed 23
October 2015].
15. Wan, K., S. (2010). Monopolistic Gatekeepers Vicarious
Liability for Copyright Infringement. Regent University Law
Review,

Vol.

23

(65),

75-77.

[Online]

Available

from:

https://www.regent.edu/acad/schlaw/student_life/studentorgs/law
review/docs/issues/v23n1/02Wanvol.23.1.pdf
October 2015].

[Accessed

19