Year in Review: Cybersecurity and Data Privacy

Now that the year is at a close.. what can we say about the state of cybersecurity and data privacy?

The recent hack of Sony Pictures is only the latest security breach to impact the business community. Overall, 2014 saw several key developments in the arena of cybersecurity and data privacy. In case you missed some of our posts, below is a brief recap:

Growing Cybersecurity Threats:

On average, there are 117,339 incoming cyberattacks each day, according to the latest reports. Cyberattacks are also becoming more costly, with the number of businesses reporting losses of $20 million or more nearly doubling in 2014. The top causes of data breaches continue to include malicious insiders, human error, and system malfunctions. Cyberattacks account for 42 percent of all data breaches, while employee negligence and system glitches account for 31 and 25 percent of data losses, respectively.

BYOD Policies:

Businesses are increasingly allowing employees to use their own devices to perform work tasks, such as responding to client emails, scheduling meetings, and preparing reports. While bringing your own device (BYOD) to work may be convenient and economical, failing to have comprehensive BYOD policies and procedures can greatly increase the risk of data breaches and other security concerns.

Microsoft Search Warrant:

Microsoft Corporation is currently fighting a search warrant from the Department of Justice to obtain information stored on Microsoft’s servers located in Ireland. So far, courts have ruled that the Stored Communications Act requires internet service providers (ISPs) to produce information under their control, albeit stored abroad, to law enforcement in the United States. In response to the decision, the Congress is considering the Law Enforcement Access to Data Stored Abroad Act (LEADS Act), which would authorize the use of search warrants extraterritorially only where the government seeks to obtain the contents of electronic communications belonging to a United States person.

Insurance Risks:

While older policies were unclear regarding whether coverage existed for cyberattacks and data breaches, insurance companies are increasingly including policy language that expressly excludes these types of losses. Accordingly, the sale of cyber insurance policies is rising. In fact, one in three businesses now carry insurance intended to cover data breach losses.

Board Oversight:

This summer, the Securities and Exchange Commission’s Luis Aguilar highlighted that a company’s top executives must play an active role in cybersecurity and data protection. “Board oversight of cyber-risk management is critical to ensuring that companies are taking adequate steps to prevent, and prepare for, the harms that can result from such attacks. There is no substitution for proper preparation, deliberation, and engagement on cybersecurity issues. Given the heightened awareness of these rapidly evolving risks, directors should take seriously their obligation to make sure that companies are appropriately addressing those risks,” he stated.

Do you have any insight or questions regarding cybersecurity and data privacy, feel free to leave a comment below.