E-CommerceALERT.com is part of the Bennett Gold LLP web site network.

Research and retrieval of news articles by Bennett Gold LLP, Chartered Accountants


SPECIAL NOTE TO ALL VISITORS:
Effective December 31, 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering articles from the period 1999 to 2012.


SHOULD COMPANIES CARE ABOUT DATA BREACHES?

Source: Silicon.com

Posted on July 3, 2006

      Large companies do not have an economic incentive to prevent privacy breaches occurring, according to researchers from Harvard and Carnegie Mellon Universities this week.

      The researchers studied 78 breaches from 2000 to 2006 in publicly traded companies, and looked at whether there was any major change in the stock price. Overall, stock dipped sharply on the first and second days after a breach was revealed but started to climb on the third, and eventually reached pre-breach levels.

      On average, companies had just under $10m wiped from their stock price over the two days after the breach, leading the researchers to question whether there was any economic reason in terms of share price for companies to implement measures to stop privacy breaches.

      Researcher Allan Friedman, who appeared at the Workshop on the Economics of Information Security at the University of Cambridge on Wednesday, said: "The potential costs for the company in terms of share price may not be enough of an incentive. Should companies care?"

      If companies have to implement privacy procedures, hire lawyers to ensure compliance and track back-up tapes, it may cost more to prevent privacy breaches than ensure they don't happen, Friedman said.

      Recently, there has been a proliferation of customer privacy breaches, where confidential customer information is leaked through lost or stolen equipment, hacking, or insider attacks. It can often lead to identity theft. ChoicePoint, Ernst and Young, Medical Excess, Time Warner and UPS are all companies whose sensitive customer information has been exposed through such incidents.

      Both Friedman and fellow researcher Alessandro Acquisti stressed that companies need to consider other possible fallout from privacy breaches aside from the minimal effect on share price.

      Acquisti said: "There could be [contractual] liabilities, fines, loss of reputation, loss of sales and loss of partnerships." The researchers said it was difficult to take into account all these factors when calculating the total economic damage to a company compared with the cost of trying to guard against privacy breaches, because of the difficulties of measuring the effect of loss of reputation.

      Friedman added: "It's a harder case to show the total expected value [of preventing privacy breaches] is negative."

      Security experts from encryption vendor PGP Corporation agreed it would be difficult to measure the overall effect of privacy breaches on a company.

      Jon Callas, chief technical officer for PGP Corporation, said: "It's very hard to measure how much it loosens up customers. Some say 'I'll leave immediately', some don't. It's hard to establish how this leads to loss of revenue."

      Callas also argued that preventing security breaches can be relatively inexpensive.

      He said: "For example, if someone loses a laptop containing sensitive information. Having encryption on that laptop would have stopped the breach, as would deploying encryption throughout the company in back-up procedures, tapes and storage. If everything is encrypted properly you don't have to worry if a tape is lost."





E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

