Two class-action lawsuits that could come before the Supreme Court this term seek to determine just how bad a cybersecurity lapse must be before customers can sue.

In both cases, federal appeals court judges formally approved lawsuits by thousands of consumers who want to collectively sue major companies for cybersecurity failures — even though the customers couldn’t prove they’d suffered any direct financial harm from the companies’ digital negligence.

The companies are asking the high court to overturn the lower court decisions allowing the lawsuits. They argue that customers must suffer some concrete financial or physical harm before they can demand compensation for a data breach or for hackable vulnerabilities discovered in their products.

Consumers, however, contend that setting such strict standards would give negligent companies a pass for not sufficiently protecting their products and data.

If the Supreme Court rules on either case, it  could fundamentally reshape the responsibility the private sector has over the security of Internet-connected products that could endanger consumers' privacy or even their lives in the case of things like cars and medical devices.

If the court sets a high bar for consumers to sue, it could prompt companies to play fast and loose with their data. If that standard is too low, however, it may deter companies from sharing information about newfound computer bugs or investing in new technologies out of fear they’ll be on the hook for legal damages.

“You’ve potentially jacked way up the monetary costs from a vulnerability that’s disclosed down the road,” Megan L. Brown, an attorney with Wiley Rein who deals in complex litigation and technology, told me. “That may affect a company’s risk calculation and make them not do some things.”