in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Data Encryption: Can Moral Hazard Account For Low Levels Of Corporate Data Security?

Over at theconversation.com, an article is tackling "why companies have little incentive to invest in cybersecurity."  One of the arguments is that companies encounter moral hazard.  That is, they're don't really feel the effects of the risk of their actions because someone or something else is taking care of the hazard.

Moral Hazard – Beneficiaries

Moral hazard is cited as one of the reasons why the banking industry brought on the 2008 financial crisis: they were playing with other people's money, absolving themselves from the financial risks via the use of exotic options and other derivatives.  Since the downside doesn't affect them, the banks charged ahead into risky waters that culminated in a global financial meltdown.

Likewise, the argument is that companies don't really invest in data security solutions because, among other things, someone else is taking the risk.  The example given is that of Home Depot, Target, and Sony – companies that have experienced massive data breaches in the last couple of years.  Despite their ongoing tribulations, it is pointed out that insurance companies acted as a salve to their misery.  For example, Target, whose data breach expenses reached $252 million so far, saw a $90 million reimbursement from insurance companies.

Target wasn't the only recipient of a risk transfer.  Home Depot, which had the dubious honor of being the retailer with the largest data breach (until Target came along, that is), also saw its expenses reduced by about one-third when it received $15 million from its insurers.

Moral Hazard – Benefactors

So, to whom was the risk transferred to?  Easy.  The insurers.  But then again, it seems wrong to bring up "moral hazard" with such parties because that's what they're there for: insurance companies are meant to take on risk.

Then there are the credit card companies.  According to the same theconversation.com article, credit unions spent $60 million to replace the credit and debit cards affected in the Home Depot debacle.  No doubt a similar figure will spring up once Target's data breach is contained.

And ultimately, there're the customers.  Even if made whole by either their banks or the breached entities, customers don't get compensated for the lost hours, frustrations, and other aspects related to rectifying the situation.

If breached entities had to compensate for all the problems they created – that is, the moral hazard aspect is minimized to zero – then they wouldn't be so cavalier when it comes to data security.  At least, that is the idea.

Related Articles and Sites:
http://theconversation.com/why-companies-have-little-incentive-to-invest-in-cybersecurity-37570

 

 
<Previous Next>

Laptop Disk Encryption: Pioneer Bank Alerts Customers Of Laptop Theft

Medical Laptop Encryption: Michael Schumacher's Doctor's Offices Burglarized

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.