The Government’s Role in Protecting Against Cyber Threats
Table of Contents
Cybersecurity Laws 3
Federal Laws 3
Health Insurance Portability and Accountability Act of 1996 3
Gramm-Leach-Bliley Act 4
2002 Homeland Security Act 5
State Laws 6
SEC Disclosure Rules 7
Cyber Incidents 9
Work Cited 15
Data collection has become an everyday activity of entities both big and small. Financial institutions require sensitive information, including Social Security Numbers, to access credit histories. Healthcare providers require personal information to perform diagnostics on patients. And just about all companies require both financial and personal information to process payments and conduct marketing activities.
With a growing reliance on technology, it is important for companies to protect against cyber risks. Since 2011, there have been 144 cyber data breaches at 99 different publicly traded companies or their subsidiaries. These breaches come with great costs. According to Ponemon Institute’s 2014 Cost of Cyber Crime Study: United State, the average cost of cyber-crime has risen from $6.5 million in 2010 to $12.7 million in 2014. The study also found a positive correlation between the time it takes to contain a cyber-attack and the cost associated with containing the cyber-attack, meaning it is best for companies to be prepared in case of a breach.
The type and length of time data is held varies greatly from one company to the next and is largely unregulated in the United States. One example of this is the Telecommunications industry. A document entitled Retention Periods of Major Cellular Service Providers revealed that three of the six top Telecom companies held subscriber information indefinitely. It also showed that these companies held call details from 4 months to 2 years, text message details from 60 days to 7
Cited: Acohido, B. (2009, January 23). Hackers breach Heartland Payment credit card system. Retrieved from USA Today: http://usatoday30.usatoday.com/money/perfi/credit/2009-01-20-heartland-credit-card-security-breach_N.htm Anderson, H Audit Analytics. (2014, October 31). Cybersecurity Database. Sutton, MA, USA. Paul, I. (2012, June 6). Update: LinkedIn Confirms Account Passwords Hacked. Retrieved from PC World: http://www.pcworld.com/article/257045/6_5m_linkedin_passwords_posted_online_after_apparent_hack.html Ponemon Institute LLC Sony suffers second data breach with theft of 25m more user details. (2011, May 3). Retrieved from The Guardian: http://usatoday30.usatoday.com/money/perfi/credit/2009-01-20-heartland-credit-card-security-breach_N.htm Target Corp US Department of Justice. (2010, August). Retention Periods of Major Cellular Service Providers. US Government Printing Office. (2002, November 25). Homeland Security Act of 2002. US Government Printing Office. (2009, August 24). 45 CFR Subpart D. US Securities and Exchange Commission. (2011, October 13). CF Disclosure Guidance: Topic No. 2. Retrieved from http://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm Verizon Enterprise Solutions Walsh, E. (2014, August 7). US Homeland Security contractor reports computer breach. Retrieved from Reuters: http://www.reuters.com/article/2014/08/07/us-usa-security-contractor-idUSKBN0G62N420140807