Cyber-Crime and Business: Think of a Number and Double It
Chick-Fil-A and Morgan Stanley are the most recent big names to join the long list of major U.S. companies to have their systems hacked into, putting customers’ financial data at risk. The concern, though, is those companies that are not publicly admitting that they’ve been infiltrated by cyber bandits. This is partly due to the fact that much hacking goes undetected. At the same time, businesses sometimes try to cover up breaches of data security to avoid public embarrassment and loss of confidence. Earlier this month, the White House launched a new drive to improve data security and privacy via the Personal Data Notification and Protection Act, which would require companies to tell customers within 30 days of discovering that their information has been hacked into. Currently, there is just a patchwork of state-level laws that offer consumers very little real protection. In the absence of a strong federal disclosure law, the losses that companies suffer from hacking are largely a matter of conjecture. If there were more disclosures — and, consequently, more information on the amount, types, and costs of cyber-crime — the thinking is companies would have a better idea how to spend their information-security budgets. In addition, it would be easier to work out what sort of insurance coverage to buy. American businesses’ spending on such policies soared from $1.3 billion in 2013 to roughly $2 billion last year, calculates Andreas Schlayer, a senior underwriter at Munich Re.