Cybersecurity as an Unfair Practice: FTC Enforcement under Section 5 of the FTC Act
Cyber attacks seem only to be increasing in frequency and severity. Major data breaches suffered by companies such as Target, Sony, Anthem Health Care, and others, have exposed hundreds of millions of individuals to the risk of credit loss and identity theft. Virtually all industries have been targeted. Moving past credit cards, cybercriminals are increasingly going after proprietary business data and deploying ransomware and cyber blackmail. They are holding data hostage and attempting to extort millions of dollars from companies who wish to avoid the risk of data loss and public embarrassment. Often, attackers find their way to company data through vendors, who provide technical or financial services or through targeted e-mail attacks directly on company employees, using social exploits to induce unsuspecting individuals to open e-mail attachments and download malware. Companies who are victims of these attacks have suffered huge financial losses. According to the Ponemon Institute in 2015, the total average cost of a data breach is now $3.8 million, up from $3.5 million a year earlier, or $154 per individual record lost or compromised. These costs do not even include other, less direct costs, such as the loss of business or reputational damage.