- Pope Francis wins another ‘Person of the Year’ — from gay rights magazine
- Rep. Steve Stockman: Give my campaign $10, and you’ll get an Obama barf bag
- Putin: Russia to buy $15 billion in Ukraine bonds
- Expert: Obamacare ‘death spiral’ fears exaggerated
- Alabama firefighters dig for survivors of apartment blast
- Big Sur wildfire destroys home of firefighting chief
- ‘ ’Twas the Night Before Christmas’ set for mock trial to argue authorship
- Angela Merkel’s third term as Germany’s chancellor to be marked by move to left
- Mega Millions entices with record-setting jackpot: Half a billion so far
- Dennis Rodman heads to North Korea — despite execution, political purge
SHACKELFORD: Hacking of Sony could finally trigger tough action
One of the biggest identity thefts in history took place between April 17 and 19. Cybercriminals penetrated Sony's PlayStation Network and Entertainment Network and made away with the personal information of more than 102 million Sony customers - a figure close to the population of Japan. Lost information includes names, addresses, passwords and potentially the credit card information of users, setting off a public-relations disaster for Sony. The attack already has cost Sony several percent of its stock price and has led to calls for its CEO, Howard Stringer, to resign. The final tally for the attack is unknown, but data breaches cost U.S. companies on average $204 per lost consumer record. That means Sony may be liable for an eye-popping $20 billion in damages. Even more remarkable than the price tag is the fact that so few firms have recognized the danger of cyber-attacks. This finally may be beginning to change.
Cyber-attacks are widespread. More than 90 percent of respondents to a joint Computer Security Institute and FBI survey reported experiencing a cyber-attack during the past year, costing on average more than $2 million per organization. Identity theft alone costs consumers more than $5 billion per year, and firms lost another $48 billion. Fraud also is a huge problem, with more than 600,000 complaints and more than $1.8 billion in claims in 2008.
Victims of attacks and breaches in recent years have included AT&T, Bank of America, Citigroup, Wachovia, Starbucks, Nikon, General Electric, DSW Designer Shoe Warehouse, the University of Chicago and the states of Florida and New York, to name a few. A single incident involving the theft of a laptop owned by the Department of Veterans Affairs led to the loss of 26 million Social Security numbers of retired and active-duty military personnel, resulting in a class-action lawsuit claiming more than $26.5 billion in damages.
Yet despite the well-publicized cost, few companies recognize the real danger of cyber-attacks. A recent report released by Carnegie Mellon University's CyLab interviewed board members at companies with $1 billion to $10 billion in revenues and found that 56 percent considered improving risk management a top priority, but none considered improving computer and data security to be a priority.
One tool to manage liability from cyber-attacks ranging from identity theft to cybercrime and even sophisticated state-sponsored industrial espionage is the use of cyberrisk insurance policies, which are insurance policies that cover losses from cyber-attacks and data breaches. These policies have been available for years, but they aren't cheap, costing anywhere from $5,000 to $30,000 per year for $1 million in coverage. But there is some evidence that more companies are turning to the insurance market. In fact, one-third of respondents (including 80 percent of companies with $250 million to $500 million in revenues) to a survey conducted by Betterley Risk Consultants, a research and consulting firm, said they have cyber-insurance. Another 25 percent said they plan to buy it in the next 18 months. But the danger is that as cyberrisk insurance spreads, companies simply will pass off the insurance losses associated with cyber-attacks to their customers, resulting in little incentive to improve overall cybersecurity without government action.
The Sony attack may well be the tipping point. As losses mount, investors likely will stop treating cyber-attacks as a corporate nuisance and start treating them as a serious threat to the survival of firms and, at a macro-level, a clear danger to the long-term competitiveness of knowledge economies built on intellectual property.
Scott Shackelford is an assistant professor of business law and ethics at the Indiana University's business school and author of the forthcoming book "Cyber Peace: Managing Cyber Attacks in International Law, Business, and Relations" (Cambridge University).
© Copyright 2013 The Washington Times, LLC. Click here for reprint permission.
By John R. Bolton
The president fiddles at his domestic altar while the world burns
Get Breaking Alerts
- PRUDEN: The scam that will not die
- Robert E. Lee and 'Stonewall' Jackson tributes face Army War College removal
- LETTER TO THE EDITOR: Global-warming mania's deadly fallout
- Embassy Row: India strikes back over diplomat's arrest
- Wasted: Tom Coburn's 'Wastebook targets 70 days in bed, Facebook
- Army to cut up to 4,000 captains and majors
- BOLTON: Nero in the White House
- Zadzooks: The Joker sixth scale figure review (Sideshow Collectibles)
- Senators in rush to pass budget vow to undo cut to military retirement pay
- Mega Millions players dream of a green Christmas with lottery jackpot at $636 million