UC Davis Law Professor Edward Imwinklereid has seen a lot of suits over the years involving cyber security breaches. They usually involve plaintiffs arguing negligence.

"But for [their] negligence, those third parties overseas or somewhere in the United States would never have obtained that sensitive information," said Imwinklereid. 

KCBS’ Jeff Bell Reports

In response, the accused companies or agencies often argue that they did all they could by employing external add-ons to safeguard information such as malware detectors and virus scanners.

But, says Imwinkereid, what companies really need are updated computer systems that embed automatic alerts and other built-in protections. He offers up the example of an employee who is taking home thousands of files every weekend, a breach that a proper security system would be able to address in two key ways.

"Number one, you get an automatic alert when this clown tries to take home 2,000 files on a weekend, and number two, you get an automatic shutdown as soon as something like that happens," says Imwinkelreid.

Security experts say such a system is totally feasible.

"You can certainly set up rules and tests to know if information that shouldn't be going out is going out in large quantities," said Michael Cherry, president of Cherry Biometrics.

Cherry and Imwinkelried have teamed up to address this concept in the current issue of the journal "Judicature," arguing that the courts can play a leading role in this reform by expanding the scope of causation arguments in cases involving computer security breaches.