Information Is Valuable
According to the Federal Bureau of Investigations, identity theft is the fastest-growing white-collar crime in America. There is a very robust market for the illegal trading and selling of personal information.
The cyber world is a target of individuals and crime syndicates that focus their time and attention on exploiting this market. Motivated by personal gain, these criminals are relentless in their search for the slightest system weakness that can be exploited for their benefit.
According to the Ponemon Institute, a leading organization dedicated to independent research and education that advances responsible information and privacy management practices in business and government:
- 85% of businesses have experienced a data security breach.
- 46% of businesses fail to implement encryption solutions even after suffering a data breach.
- 82% did not seek legal counsel prior to responding to the incident despite not having a prior response plan in place.
- 95% of businesses suffering a data breach were required to notify data subjects whose information was lost or stolen.
Over 40 states require that individuals (customers, employees, citizens, students, etc.) are notified if their confidential or personal data has been lost, stolen, or compromised. The emergence of state privacy laws, various federal laws (HIPPA, Federal Trade Commission Regulations, Securities Exchange Commission), and foreign laws have created increased awareness of identity theft.
As such, there has been a rise in class action suits and regulatory actions are becoming more commonplace. The security and safeguarding of information is paramount to protecting an organization from embarrassment, reputational damage, financial loss, regulatory intervention and even public boycotting.
The depth and breadth of the potential costs and expenses from a breach are still developing and not fully known. What we do know is that organizations have already incurred significant cost and expense, from legal fees, credit-monitoring for individuals, reparations, fines, penalties and redress funds. We are still in the process of uncovering and understanding the current and evolving cyber world phenomena.