Cyber Attacks Now in the Big 4
October 24, 2008
By
Kevin G. Coleman, Certified Management Consultant and Strategic Advisor with the Technolytics Institute
Cyber attacks are now a frequent news item and have emerged as a huge risk to national security and business. Many experts believe that the next large-scale military or terrorist attack on the United States is likely to be a cyber attack. Last week, Homeland Security Secretary Michael Chertoff joined all the other group of experts and named cyber risks one of the nation’s top four priority security issues. Jim Christy, a U.S. special agent 20 year veteran specialized in cybercrime investigation publically stated that he had seen entire corporate networks of over 100,000 systems completely compromised and hundreds of thousands of files exfiltrated. He went on to say how companies do their best to cover it up. The evidence is overwhelming that cyber attacks are widespread and costing businesses and governments a bundle. The question is how much? A Congressional Research Service study estimated the annual economic impact of cyber attacks on businesses at more than $226 billion.
Spy-Ops and Intelomics worked with the Technolytics Institute and determined the following categories represent the most significant areas of loss.
· Legal Costs
· Loss of Credibility
· Tarnished Customer Relationships
· Strained Business Partner Relationships
· Competitor Leverage – including “Street Talk”
· Drop in Market Capitalization after Disclosing a Breach
Did you know that one study suggests that immediately following the announcement of a data/security breach, a publically traded company loses between 1% and 5% of their market cap. In one case that I was recently involved in, the company saw a $415 million drop in market cap the day following the disclosure of the breach. It should also be noted that the general market was up sharply the day of the loss.
We asked for a legal opinion and according to Fred Rice a lawyer specializing in corporate law and compliance said, “The significant media attention being given to the threat of cyber attack, as well as the fact that a number of high ranking government officials have warned about this threat, suggest that corporations have a duty to assess their exposure to this risk and create a cyber risk mitigation strategy. Failure to do so could constitute negligence due to the fact that in this day and age, cyber attacks are reasonably foreseeable. In addition Professor Ed Maggio of the New York Institute of Technology said, “Many organizations do not realize that they are legally obligate to prepare for and develop contingency plans for a cyber attacks.”
Organizations must wake up now and address the risk of a cyber attack as the business risk it truly is. Failure to do so can not only be catastrophic to the organization but a matter of national security.
Kevin G. Coleman, a consultant and advisor with Technolytics Institute, writes the Data Security column for TMCnet. To read more of Kevin�s articles, please visit his columnist page.Edited by
Greg Galitzine
