- Hacked: Liability for Inadequate Information Security
- February 7, 2017 | Author: Theresa A. Queen
- Law Firm: Greenberg Traurig, LLP - McLean Office
- Data Breaches and Other Things That Go Bump in the Night
Millions of individuals and companies fall victim to cybercrimes every year. As technology evolves at an exponential pace, corporations become more vulnerable to increasingly severe malicious and criminal attacks. Sophisticated hackers target corporate systems and customer data. Invidious malware including “ransomware” and “denial of service” attacks can devastate entire businesses. Liability can arise from breaches of a company’s own data, that of its customers, or even that of a third-party contractor, vendor, or partner. Hackers have targeted drivers’ licenses and Social Security numbers, patient medical information, credit card data, employee data, student data, company financials, and government records.
All of this can be quite costly. According to a 2016 IBM study, the average costs of a data breach to an organization exceed $7 million. See Ponemon Inst., 2016 Cost of Data Breach Study: United States (2016). This finding reflects a typical cost of about $221 per lost, stolen, or compromised record. Id. at 1. The more records that are affected, the more expensive a data breach will be. Companies reporting the loss or theft of more than 50,000 records had an average data breach cost of approximately $13.1 million per incident. Id. at 3. Moreover, the cost of a data breach in certain heavily regulated industries, such as banking, financial services, health care, government contractors, or life sciences can be much higher, as are the social costs. Id. at 2.