Copyright (c) 2015 The Regents of the University of California
Business Law Journal University of California, Davis, School of Law
ARTICLE: Cybersecurity, Risk Management, and How Boards Can Effectively Fulfill Their Monitoring Role
Business Law Journal, University of California, Davis
15 U.C. Davis Bus. L.J. 201
Victoria C. Wong*
Cyber attacks on major U.S. corporations are now commonplace and well publicized. For example, in 2013, Target experienced a data breach that impacted 70 million customers over a two-week period during the busy holiday season. 1 In the weeks leading up to the Target breach, Adobe announced that at least 38 million users were affected by a loss of customer data, and shortly after increased its estimate to 150 million. 2 In 2014, JPMorgan Chase experienced a cyber attack in the summer that compromised 76 million accounts, 3 hackers stole credit card information from 56 million Home Depot customers, 4 and eBay requested that 145 million users change their passwords following an attack where hackers stole email addresses, mailing addresses, passwords, and birth dates. 5 As Professor Zittrain has noted, "attacks have become so commonplace and widespread as to be indistinguishable from one another." 6
In a data breach study, the Ponemon Institute reported that worldwide, the average cost to a company to investigate, notify, and respond to data breaches was $ 3.5 million USD in 2014, up 15% from 2013. 7 Target booked $ 148 million in expenses following its 2013 data breach for actual and pending breach-related claims, including claims by payment card networks. 8 Aside from data breaches' direct costs to the corporation, they can impact profits and the bottom line months and even years following a breach. 9
Large data breaches have negatively affected consumer behavior, loyalty, and trust in major retailers ...
If you are interested in obtaining a lexis.com® ID and Password, please contact us at 1-(800)-227-4908 or visit us at http://www.lexisnexis.com/.