Costs Of A Data Breach

A new study of 35 companies that incurred a data breach demonstrates how expensive thse incidents are to companies. The study reports that the average total cost per reporting company was more than $6.3 million per breach and ranged from $225,000 to almost $35 million. The study also indicates that these costs are increasing each year and that financial service firms are impacted the most.

FTC Testifies On ID Theft

In testimony yesterday before the House Judiciary Committee’s Subcommittee on Crime, Terrorism, and Homeland Security, the FTC's Joel Winston testified that since 2001 the Commission has brought 14 cases since against businesses that failed to implement reasonable security measures to protect sensitive consumer data. In each of those cases the security vulnerabilities were multiple and systemic, and the preventative measures were inexpensive and readily available. The full text of the testimony is available here.

Guide For Businesses On Protecting Personal Information

Entitled “Protecting Personal Information: A Guide for Business,” this new tutorial from the FTC outlines a framework businesses can use to implement a data security plan. The framework offered in the tutorial is built on 5 principles:

1. Take stock
2. Scale down.
3. Lock it.
4. Pitch it.
5. Plan ahead.

New CRS Report On Botnets, Cybercrime

CRS recently published a new report entitled "Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues." Among the findings in the report are that "cybercrime is becoming more organized and established as a transnational business....[and that] designs for cybercrime botnets arebecoming more sophisticated, and future botnet architectures may be more resistant to computer security countermeasures."

Study Shows Low Awareness of Security Freeze Laws

A study conducted by the AARP indicates that although consumers have a high concern about identity theft, their awareness of security freeze legislation remains extremely low. The study indicates that more than half (57%) of the respondents did not know where to turn for security freeze information. For the full text of the study, click here. For a summary, click here.