- PII was the most frequently exposed data (28.7% of breaches), followed closely by PHI (27.2% of breaches).
- Lost/Stolen Laptop/Devices were the most frequent cause of loss (20.7%), followed by Hackers (18.6%).
- Healthcare was the sector most frequently breached (29.3%), followed by Financial Services (15.0%).
- Small Cap ($300M-$2B) and Nano cap (< $50M) companies experienced the most incidents (22.9% and 22.1% respectively). Mega-Cap (> $100B) companies lost the most records (45.6%).
- The median number of records lost was 1,000. The average number of records lost was 2.3 million. [What a wild distribution! Bob]
- Claims submitted for this study ranged from $2,500 to $20 million. Typical claims, however, ranged from $25,000 to $400,000.
- The median claim payout was $242,500. The average claim payout was $954,253. However, many claims in our dataset have not yet been paid. If we assume that, at a minimum, the SIR will be met, the median claim payout would be $250,000 while average claim payout would be $3.5 million.
- The median per-record cost was $107.14. The average per-record cost was $6,790. However, if we exclude outliers (incidents with a low number of records exposed but extremely high payouts), the median per-record cost was $97 and the average per-record cost was $307.
- The median cost for Crisis Services (forensics, notification, credit monitoring and legal guidance) was $209,625. The average cost for Crisis Services was $737,473.
- The median cost for legal defense was $7,500. The average cost for legal defense was $574,984.
- The median cost for legal settlement was $22,500. The average cost for legal settlement was $258,099.
Saturday, November 02, 2013
Granted that the “network” handled low level data, but really, FOUR YEARS? No one noticed (did they even look?) for four years?
Angela Moscaritolo reports:
The Finnish government has confirmed it suffered a “serious data security violation,” which was reportedly carried out over a period of four years and allowed hackers to pilfer unspecified amounts of data.
The breach affected the Finnish Foreign Service Internet network, which contains information and data “of the lowest classification level,” according to a statement from Finland’s Ministry for Foreign Affairs. The leak did not affect classified, confidential, or secret information, and there is no indication that any international data was stolen.
Read more on PCMag.
Do I have your attention now? Even without the skew introduced by exceptionally large breaches, the numbers should make for interesting boardroom conversation.
NetDiligence has released its 2013 report on “Cyber Liability & Data Breach Insurance Claims” based on actual claims submitted:
This report summarizes our findings for a sampling of 145 data breach insurance claims, 140 of which involved the exposure of sensitive data in a variety of sectors, including government, healthcare, hospitality, financial services, professional services, retail and many more.
Their key findings include:
You can download the report here (pdf).
Something to pass along to your Computer Security Manager
How To Avoid CryptoLocker Ransomware
Ouch! So nasty I love it!
New Yorker cover takes Obamacare back to the tech past
Would you let this man into your country? Imagine what he might reveal!
In letter to German lawmakers, Snowden speaks of his 'moral duty to act'
In a letter delivered to German lawmakers Friday, former NSA contractor Edward Snowden said he'd like to be able to travel to their country to assist in a parliamentary investigation of mass surveillance, and he accused the US government of "systemic violations of law" and of "criminalizing political speech."
Why would a Satellite or Cable company do this?
The Federal Court of Canada has ordered Canadian cable giant Bell TV to pay a Beechville, N.S., man $21,000 in damages after the company accessed his credit report without permission.
In a ruling this week, the court used harsh language to describe Bell’s conduct, saying the matter was “reprehensible” and chided the company for not even showing up to the court hearing.
The ultimate in eavesdropping?
DARPA developing implant to monitor brain in real time
Interesting. Is it a “Privacy Right,” or do we have a “Right to be left alone?” I think the latter is more easily defined and certainly more obviously violated.
Orin Kerr writes:
United States privacy law traditionally has only protected the privacy of those in the United States and U.S. citizens abroad. Over at Just Security, David Cole argues that this should change. Privacy is a human right, he argues, and U.S. law should protect the privacy of foreigners all around the world. David offers three pragmatic reasons for his approach, but I don’t find his arguments persuasive.
Read more on Lawfare.
Worth setting your DVR?
The Privacy and Civil Liberties Oversight Board will be holding a public hearing on Monday, November 4:
Consideration of Recommendations for Change: The Surveillance Programs Operated Pursuant to Section 215 of the USA PATRIOT Act and Section 702 of the Foreign Intelligence Surveillance Act
All sessions will be streamed live on www.c-span.org and live on Networks:
9:15a-11:45a C-SPAN 2
1:15p-4:30p C-SPAN
If you’d like to attend in person, the hearing will be held at:
Renaissance Mayflower Hotel – Grand Ballroom
1127 Connecticut Ave NW, Washington DC
The doors open at 8:45 am.
When people started putting TVs in cars, many states passed laws forbidding the placement of screens where drivers could see them and be distracted. Will those laws need to be modified?
Hudway app delivers windshield HUD for driving
… Hudway is a free iPhone app (coming for Android by February of next year) that reflects driving directions onto your windshield for low-visibility conditions.
It works off the back of Google Maps. You build a route on the map, which the app then preloads so it can be used offline -- useful if connection is intermittent or you don't want to use data. You then place your phone on your dashboard (we recommend securing it with some kind of mount or Blu-tack) and driving directions are displayed reflected off the glass.
A very tough business model to figure out. Even then, would it be truly profitable?
Peapod who? Online grocer shows Amazon, Walmart how it's done
… Groceries in general is not an easy business. The margins are low, the products are perishable, and the storing and transportation details can be complex. But the potential rewards are worth reaping.
There are more than 115 million households in the US, according to Balzer, and everybody needs to eat. Even a small piece of the grocery business means billions of dollars for companies, he said.
I think we need videos like these that do not assume an elementary school audience. I have math students who were never exposed to some of these basic concepts. (It wouldn't hurt to stop talking down to the younger ones either...)
– Math is a subject which everyone pretty much dislikes, but it is essential to be able to add, subtract, multiply, and divide numbers, if you are going to be financially literate in life. Therefore young kids should improve their math as much as possible. Math Live is an interactive site with lessons on all areas of math.
Just to illustrate the technologies
Turn an Android Device Into a Laptop With Four Keyboard Technologies