Data Breaches and Cyber Liability Assessment
Today, technological advances are made seemingly daily and institutions large and small from governments and Fortune 500 Companies to mom and pop shops are becoming increasingly reliant on technology and in turn increasingly vulnerable. The biggest appeal of technology is that it can make business far more efficient and reduce costs. However, as economists, we know that everything in life comes at a cost. Data breaches are increasing every year along with lawsuits arising from these breaches. This article will briefly discuss some of the cyber security breaches that have made headlines recently and how K2 Economics can help your company prevent a similar fate. First, let’s look at the Target data breach which affected approximately 40 million of their customers. As of December, 2015, Target has incurred the following costs in legal settlements alone:
- $10m with customers in March of 2015
- $67m with Visa in August of 2015
- $39m with MC in December of 2015
This does not include their own legal fees, reputation damage, fall in stock price, compliance investigations, additional security measures implemented, etc.
The 2015 Cyber Claims Study by Net Diligence, which analyzed records of 160 claims of cyber security breaches sustained by insurance underwriters, concluded that:
- Healthcare is the most frequently breached industry (21%) followed closely by Financial Services (17%);
- There was insider involvement in 32% if the claims submitted;
- The average claim was $673,767, the average cost of crisis services was $499,710, the average cost of legal defense $434,354, and the average legal settlement cost $880,839.
Similarly, the Ponemon Institute “2015 Cost of Data Break Study: Global Analysis” which analyzed 350 companies in 11 countries found that:
- There has been a 23% increase in total cost of data breaches since 2013;
- Data breaches cost the most in the US and Germany and the lowest in Brazil and India;
- Healthcare has the biggest per capita cost at $363;
The recent Anthem Blue Cross Data Breach that affected approximately 80 million customers is sure to have tremendous financial consequences for Anthem. As both studies found, Healthcare is the most lucrative sector for hackers as the information from a potential breach will lead to the most financial gain. According to the complaint filed against Anthem, experts opine that a single medical record can garner as much as $250 in a black market auction compared to cents on the dollar for credit card information because it includes Social Security information.
Knowing how detrimental a cyber breach can be on a business, why not take precautions and preventative measures? It is more beneficial for your company to have data valued and implement appropriate security than deal with a breach. K2 Economics can create a cost-benefit analysis by valuating data and calculate costs of upgrades based on cyber security expert recommendations.
Sample Company Example:
XYZ Healthcare currently has medical records of 5 million customers. Records include Personally Identifiable Information (PII) of names, addresses, dates of birth, and Social Security numbers. After hearing about the Anthem breach and the massive ramifications, XYZ wants to understand what their liability is in the event of a breach. K2 Economics, working in conjunction with cyber experts, will review the data and calculate the cost of a potential data breach.
Cyber experts will provide opinions on how to modernize and secure the company’s data. Costs can include additional firewalls, data encryption, increased personnel, etc. K2 Economics can calculate the present value costs of implementing these recommendations. Based on the type of information available, it is also possible to devise the probability of a breach based on current security measures in place and value of data. After performing a cost-benefit analysis, K2 Economics can work with XYZ Healthcare to make the most optimal decision for their company’s future.
It is important to note that in the event of a breach, new and upgraded security measures will necessarily need to be implemented regardless (often resulting in higher costs than if these were placed earlier). Not doing so can possibly lead to lawsuits against directors & officers for breach of fiduciary duty.