Connect with us

Cybersecurity

More Data is Necessary to Make Defending Against Security Breaches a Rational Cost-Benefit Calculation

Casey Ryan

Published

on

ARLINGTON, Virginia, June 18, 2017 – The key to defending against security breaches is collecting more data, said a University of Illinois at Chicago professor during a June 8 panel at the on the law and economics of privacy and data security.

Hosted at George Mason University here and moderated by Brenda Leong, director of strategy for the Future of Privacy Forum, the panel touched upon the often-overlooked issue of bringing cost-benefit analysis to the consideration of data security.

The two panelists were Robert Sloan, the Illinois professor, and Geoffrey Manne, executive director of the International Center for Law and Economics at GMU.

Companies don’t have to face liability for the many security breaches they face, said Sloan, who urged that businesses be responsible for their own cyber-security and that of their consumers.

Not much is being done by the medium to large companies, he said, adding that security employees are treated like they are just an extra cost that doesn’t bring revenue. The famous credit card breach by Target in 2013 is such an example.

With the chance of actually having a breach being around one-tenth of 1 percent, Sloan said, companies generally find it cost-effective not to focus on cyber-security.

“Not spending $10 million to ward off the $250 million storm is a very rational decision,” he said.

Therefore, the answer to limiting the impact of security breaches is to collect more data, he said. Although there is a cost to do security defense research, there is often not enough data to actually defend against security breaches.

(Photograph by Casey Ryan)

Cybersecurity

Despite Increasing Risk, Companies Are Still Not Prioritizing Cybersecurity

Tim White

Published

on

ARLINGTON, Virginia, June 18, 2017 – The key to defending against security breaches is collecting more data, said a University of Illinois at Chicago professor during a June 8 panel at the on the law and economics of privacy and data security.

Hosted at George Mason University here and moderated by Brenda Leong, director of strategy for the Future of Privacy Forum, the panel touched upon the often-overlooked issue of bringing cost-benefit analysis to the consideration of data security.

The two panelists were Robert Sloan, the Illinois professor, and Geoffrey Manne, executive director of the International Center for Law and Economics at GMU.

Companies don’t have to face liability for the many security breaches they face, said Sloan, who urged that businesses be responsible for their own cyber-security and that of their consumers.

Not much is being done by the medium to large companies, he said, adding that security employees are treated like they are just an extra cost that doesn’t bring revenue. The famous credit card breach by Target in 2013 is such an example.

With the chance of actually having a breach being around one-tenth of 1 percent, Sloan said, companies generally find it cost-effective not to focus on cyber-security.

“Not spending $10 million to ward off the $250 million storm is a very rational decision,” he said.

Therefore, the answer to limiting the impact of security breaches is to collect more data, he said. Although there is a cost to do security defense research, there is often not enough data to actually defend against security breaches.

(Photograph by Casey Ryan)

Continue Reading

Cybersecurity

Senate Looks for Answers During First Public Hearing on SolarWinds Cyber Attack

Tim White

Published

on

Screenshot of FireEye CEO Kevin Mandia from the hearing

ARLINGTON, Virginia, June 18, 2017 – The key to defending against security breaches is collecting more data, said a University of Illinois at Chicago professor during a June 8 panel at the on the law and economics of privacy and data security.

Hosted at George Mason University here and moderated by Brenda Leong, director of strategy for the Future of Privacy Forum, the panel touched upon the often-overlooked issue of bringing cost-benefit analysis to the consideration of data security.

The two panelists were Robert Sloan, the Illinois professor, and Geoffrey Manne, executive director of the International Center for Law and Economics at GMU.

Companies don’t have to face liability for the many security breaches they face, said Sloan, who urged that businesses be responsible for their own cyber-security and that of their consumers.

Not much is being done by the medium to large companies, he said, adding that security employees are treated like they are just an extra cost that doesn’t bring revenue. The famous credit card breach by Target in 2013 is such an example.

With the chance of actually having a breach being around one-tenth of 1 percent, Sloan said, companies generally find it cost-effective not to focus on cyber-security.

“Not spending $10 million to ward off the $250 million storm is a very rational decision,” he said.

Therefore, the answer to limiting the impact of security breaches is to collect more data, he said. Although there is a cost to do security defense research, there is often not enough data to actually defend against security breaches.

(Photograph by Casey Ryan)

Continue Reading

Cybersecurity

SolarWinds CEO Says Hack Shows Need for Information-Sharing Between Industry and Government

Tim White

Published

on

Photo of SolarWinds CEO Sudhakar Ramakrishna from Health iPASS

ARLINGTON, Virginia, June 18, 2017 – The key to defending against security breaches is collecting more data, said a University of Illinois at Chicago professor during a June 8 panel at the on the law and economics of privacy and data security.

Hosted at George Mason University here and moderated by Brenda Leong, director of strategy for the Future of Privacy Forum, the panel touched upon the often-overlooked issue of bringing cost-benefit analysis to the consideration of data security.

The two panelists were Robert Sloan, the Illinois professor, and Geoffrey Manne, executive director of the International Center for Law and Economics at GMU.

Companies don’t have to face liability for the many security breaches they face, said Sloan, who urged that businesses be responsible for their own cyber-security and that of their consumers.

Not much is being done by the medium to large companies, he said, adding that security employees are treated like they are just an extra cost that doesn’t bring revenue. The famous credit card breach by Target in 2013 is such an example.

With the chance of actually having a breach being around one-tenth of 1 percent, Sloan said, companies generally find it cost-effective not to focus on cyber-security.

“Not spending $10 million to ward off the $250 million storm is a very rational decision,” he said.

Therefore, the answer to limiting the impact of security breaches is to collect more data, he said. Although there is a cost to do security defense research, there is often not enough data to actually defend against security breaches.

(Photograph by Casey Ryan)

Continue Reading

Recent

Signup for Broadband Breakfast

Get twice-weekly Breakfast Media news alerts.
* = required field

Trending