


You don’t have to be considered a technology company to be involved in and rely upon technology for your day-to-day business operations. Companies of all sizes take advantage of digital marketing, software management systems, cloud computing, digital communication devices/systems and computerized hardware and machinery.
Along with all the advantages of these technologies come risks that can affect a company’s profits and reputation. In focused analyses of our tech-sector clients we found many of these risks actually apply to non-tech-sector companies as well. General considerations in managing risk include identifying potential exposures and weighing the potential impact and likelihood of events against your corporate goals.
Data Security Primer: The amount of information available to human beings has expanded exponentially through increased capacity in data storage, cost reduction and high-speed mobile and internet communication. In the past thirty years hard disk prices have dropped from $200,000+ in 1980 to under $0.10 per gigabyte.
Add in wireless internet, microelectronics and the ease with which data can be copied, stored and disseminated across the globe in seconds, and you can see the issue of managing digital information is only going to increase in importance.
A large percentage of the total value of a Fortune 500 company can be Intellectual Property. Most of that value has been digitized at some point and/or transmitted through email. Considering this, the value of, and the liabilities arising out of, the digital information possessed by businesses today are high.
What these points illustrate is a perfect storm: an exponential increase in both the storage and mobility of highly valued and sought-after digital information, combined with the increasing sophistication and ease with which it can be accessed and disseminated.
What is the threat? Risks can be classified into two areas: 1st-party and 3rd-party risks. Examples of 1st-party risks to your company include: loss of data, lost revenue from your computer operations being shut down, extortion, computer fraud, and damage due to viruses/hackers/sabotage. Examples of 3rd-party liability risk to others include: lawsuits from individuals and corporate entities for financial damages arising out of theft, disclosure or breach of confidential information, intellectual property infringement, and transmission of a virus or denial of service to authorized users.
Because of the global nature of digital communications, companies can be subject to state, federal and international laws and regulations. At least 45 states in the US have privacy laws. Any organization that processes, stores or transmits credit card information should review compliance with the Payment Card Industry Data Security Standard (PCI DSS) to avoid penalties and to avoid risking its relationships with banks or companies such as VISA, MasterCard and American Express.
Where is it coming from? Attacks can come from both external parties and internal ones (such as a rogue or disgruntled employee). Along with infection, theft of laptops or mobile devices is a prominent area of exposure.
What is at stake? According to a survey released by The Ponemon Institute, LLC (U.S. Cost of a Data Breach Study), the cost of actual data loss incidents incurred by 45 different organizations with breaches of 5,000 to over 100,000 records in 15 different industry sectors was $204 per record, with an average organizational cost of $6.75 million. 42% of the breaches involved mistakes or errors by third-party providers, with the most costly being offshore. Consider also the indirect costs of damage to company reputation, loss of market share and possible reduction in stock value. According to privacyrights.org, since 2005 there have been over 350 million personal records compromised. The number of records involved in many of these breaches is unknown. A breach by credit card processor Heartland Payment Systems alone was estimated to be at least 100 million records. The company has agreed to pay $60 million in damages.
Conversations with IT professionals make clear that, when it comes to cyber security, there is no 100% guaranteed solution, and success can depend on the motivation and capability of those intent on penetrating your firm’s security systems. Even the government is not immune. Incidents involving terrorism and cyber warfare have elevated this issue to an international level.
Is there a remedy? Attorneys specializing in intellectual property, privacy and data security can be invaluable in advising on legal compliance and contract negotiation. IT professionals are critical in security safeguards and best practices. As a backstop against financial loss, also consider the many insurance policies available and the expertise of your insurance agent to help you cover a variety of technology-related exposures.