Cybersecurity Risks and Incentives
Business leaders across America continue, in largely increasing proportions, to cite cybersecurity as a leading concern to their organization. In fact, according to the 2016 Travelers Risk Index (an annual survey on the biggest worries for businesses and consumers), 54% of enterprise leaders share this view. This complements the mere 13% who feel their organization is as well-protected as possible. Specific areas of worry range from hacking to adequate resources in the event of a data breach, with 81% of those surveyed not confident in their response capabilities. Tellingly, when the topic turned to emerging areas of risk, many respondents said the evolution of technology weighed heavily on their minds. How could it not, especially when you consider things like the proliferation of mobile devices in the workplace, or the internet-readiness of more and more devices in general?
Perhaps similarly recognizing these concerns, legislators in Congress have been attempting to do their part to ensure optimal security. Recently, opting to use incentive rather than mandate, Rep. Ed Perlmutter (D-Col.) introduced a proposal to subsidize cyber insurance for businesses—a Data Breach Insurance Act that would offer a deduction of 15% of the total cost of breach insurance. Of course, the ideal is to avoid landing in a position where you would need to avail yourself of such aid, but since that becomes less likely with each passing year, the bill also encourages companies to implement best practices for their cybersecurity situations. Besides the cost to businesses, customers also bear the risks of a cyber attack, with less recourse to mitigate the damage done to their credit, bank accounts, etc.
Other elected officials are also taking notice of the changing landscape. In the wake of the massive Yahoo breach, which occurred in 2014 and was only recently revealed, Senator Mark Warner (D-Va.) has called for the Securities and Exchange Commission (SEC) to investigate whether or not the company properly disclosed the incident. Warner states that Yahoo learned of the breach in July, but did not file a disclosure form to notify the public. Over half a billion users were affected by the breach, which compromised user names, email addresses, passwords, security questions, and more.
For those affected, changing passwords should be a no-brainer, and should have been done immediately anyway. As always, also keep an eye on your financial accounts, on guard especially for any unusual activity. And please, for all that is good and holy, watch out for phishing scams.