The reason is that the retailers themselves are not fully liable, since the financial institutions that issued the credit and debit cards had to reissue the cards  hackers are out there.

And of course Sony:

The now infamous Sony breach supposedly perpetrated by North Korea at the end of 2014 drew initial loss estimates of more than $100 million. In the end, the breach did not actually cost Sony very much at all.

Sony's actual costs due to the cyber breach came to less than 2% of sales.


The costs for Target and Home Depot after insurance offsets were in the range of less than 1% of sales.

The effect of the cyber breaches is unfortunate, but I believe the impersonal nature of a cyber breach, and the financial institutions taking the large effect of the cyber breach, have caused a ho-hum attitude among businesses and the customers of those establishments. Sure, it is good to be more secure, but this is not an easy issue, so the end result is that nothing happens.


Quartz says this is a “moral hazard” because someone else is affected by the actual data breach more than the company being breached.

Also, there will be more government regulation of this type of issue (as Australia has done).

So these very fluid, even out-of-control, cyber security problems are creating an uncertain landscape.

The uncertainty is only for the consumer. The big department stores which have faulty security practices do not have an appreciable effect (less than 1%), so the boards may pay attention and spend a little more money, but real change? Color me skeptical.


I believe that until the consumer decides not to go to places that are not secure, this cyber breach scenario will happen again and again.


So what about us IT people looking to make things better? How do we get management to understand that we can make things better? We have to learn how to present the situation with the facts and present solutions to specific problems. There have to be concrete projects with the improvement of cyber security in mind.

We have presented many solutions like that on this site.


The problem will not go away, and will in fact get worse, since there are no real effects for the big companies and the criminals are hard core – they are not going away.



For consumers the choices are difficult: how do we know where to shop? The criminals value each email and computer, and it is easy to hack computers in the tens of thousands (which are then called botnets).


And have made a purely arbitrary value of ~$30/user.


So my point is that if it is a moral choice, then we need to do the right thing and secure our networks and protect our machines to the best of our ability.

Use the following moral values:

YouTube video (regarding ΦΙΛΟΤΙΜΟ)

Filotimo is a friend of honor – where the person strives to do the right thing.

