A guide to tracking cyber crime ( Una guía para el seguimiento de la ciberdelincuencia)
Examining technology errors and omissions cases related to cyber crime can shed some light on the staggering costs of both data breaches and misusing personal consumer details, based on a sampling of cases from Advisen’s Loss Insight database.
Such cases range widely in both cost and number of individuals affected, from a high price tag of $95 million in one case involving credit card processor Global Payments Inc. to a low of $1 in a personal privacy case decided against the Google for its “Google Earth” feature.
As with most cyber-related issues, the number of tech E&O cases has been on the rise, according to Advisen data (see chart below).
After a slight dip in 2012, cases soared to an all-time high in 2013. Despite that drop in 2012 (that, while lower than 2011’s case count, was still significantly higher than 2010 and earlier) the year also featured the $95 million data breach experienced by Global Payments.
Notably, the Global Payments case affected just 1.5 million individuals, well below the tally for other incidents. The company has reportedly only recovered $2 million in insurance payments due to claims related to the data breach.
According to Advisen data, the most prominent type of tech E&O case has related to violations or disruptions of system or network security, followed by digital data breach, loss, or theft (see chart below).
Over time, the cases related to digital data breach have come to represent a lower percentage of all cases overall, with system/network violations or disruptions occupying a much wider portion of the field. Privacy violations rank third among the types of cases and Advisen data show that many court cases relate to consumers irate with businesses over their use of personal information, usually for advertising or marketing purposes.
For example, Facebook has been subject to several lawsuits, including a $20 million class action settlement, for its practice of using members’ names and images without consent to advertise third-party goods and/or services.
Criminals need an avenue to access the data they seek and Advisen’s Loss Insight shows that servers are most frequently their choice (37.26 percent), followed by websites (24.80 percent). A distant third and fourth included social media outlets (6.64 percent) and email (6.10 percent).
Advisen data show that social media gave rise to several cases involving cyberbullying, which resulted in lawsuits against individuals, including one fraud conviction against a Missouri woman who was accused of having driven a teen to suicide. Facebook, Twitter and Snapchat have all offered ways for individuals to cyberbully others, leading to claims of misuse and poor monitoring on the part of those social media services.
By a wide margin, personal privacy was the most frequent casualty of tech E&O cases (48.56 percent), making up nearly half of all cases. The second largest type of loss was personal financial identity at just over 30 percent.