For those of us in the trenches of cyber security, the battle is close and dirty, following elusive hackers through a series of anomalous activities. For the legal team, the action takes place in courtrooms with motions and rulings defining the winners and losers among companies and consumers. Unfortunately, hackers are not the ones being sued; they took your data, escaped undetected and monetized the data leaving you to face the consumer lawsuits.
The nature of data breach lawsuits is evolving as consumers, and the judiciary, become increasingly aware of the value of the data stolen and the potential for personal damage. According to the 2015 Data Breach Litigation Report1, 73% of class action data breach litigation cases focused on credit card data. In a dramatic 50% shift, the 2016 Data Breach Litigation Report2 indicates that only 23% of the cases focused on credit cards. With a 25% year-over-year increase, sensitive data was the number one focus in 57% of class action lawsuits filed in 2015.
The Fair Credit Billing Act (FCBA) and the Electronic Fund Transfer Act (EFTA) that limit consumer liability and damage – coupled with rapid fraud discovery capabilities employed by the credit card companies – have devalued stolen credit cards. Hackers and Data Minersare now seeking out new data to monetize. According to the 2016 Data Breach Industry Forecast3, medical records are worth ten times more than credit card numbers on the black market. A 33% increase in the number of class action filings in the medical industry and a 53% drop in the retail sector confirm the shifting breach litigation focus.
We measure breach response in minutes and hours while court cases take months and years to resolve. Will the long-tail legal costs associated with complex class-action litigation change the way companies prioritize proactive data security? Time will tell. What is certain is that the legal fees required to defend a sensitive data breach will increase at a rate commensurate with the increasing focus of the hackers and courts on sensitive data.
For more on the changing landscape of cyber security in the healthcare industry check out this roundtable discussion with three healthcare leaders and practitioners:https://www.brighttalk.com/webcast/12349/219383