Scott Morrison hails 'miracle' as Coalition snatches unexpected victory

The Coalition has been re-elected in a shock result in which Labor lost seats in Queensland, Tasmania and NSW and failed to make more than minimal gains nationally.But former prime minister Tony Abbot...

Michelle Grattan, Professorial Fellow, University of Canberra - avatar Michelle Grattan, Professorial Fellow, University of Canberra

Coalition likely to win election in Trump-like upset, but Abbott loses Warringah

Against expectations, Scott Morrison has led the Coalition government back to power.Wes Mountain/The Conversation, CC BY-NDWith 57% of votes counted in the election, the ABC is projecting that the Coa...

Adrian Beaumont, Honorary Associate, School of Mathematics and Statistics, University of Melbourne - avatar Adrian Beaumont, Honorary Associate, School of Mathematics and Statistics, University of Melbourne

Infographic: what we know about the results of Election 2019 so far

As of 10.01pm Saturday, May 18 2019:...

Emil Jeyaratnam, Data + Interactives Editor, The Conversation - avatar Emil Jeyaratnam, Data + Interactives Editor, The Conversation

Bob Hawke, the environmental PM, bequeathed a huge 'what if' on climate change

Since the news broke of his passing, Bob Hawke has been feted as the “environmental prime minister”. From saving the Franklin River, to protecting Antarctica from mining, conservationists ...

Marc Hudson, Researcher, University of Manchester, University of Manchester - avatar Marc Hudson, Researcher, University of Manchester, University of Manchester

You are what you vote: the social and demographic factors that influence your vote

Your income, type of work, where you were born, and other social and demographic factors influences your vote more than you may think.The Conversation / ShutterstockAustralia has changed in many ways ...

Rob J Hyndman, Professor of Statistics, Monash University - avatar Rob J Hyndman, Professor of Statistics, Monash University

View from The Hill: Bob Hawke was master of managing government

It’s always easy to romanticise the past – in celebrating the prime ministership of Bob Hawke it is important to remember it had its peaks and troughs.Trouble marked many years – the...

Michelle Grattan, Professorial Fellow, University of Canberra - avatar Michelle Grattan, Professorial Fellow, University of Canberra

Vic Stockwell’s Puzzle is an unlikely survivor from a different epoch

Sign up to the Beating Around the Bush newsletter here, and suggest a plant we should cover at batb@theconversation.edu.au.On the western side of Mount Bartle Frere, the tallest mountain in Queensland...

Andrew Thornhill, Research botanist at the Botanic Gardens and State Herbarium of South Australia/Environment Institute, University of Adelaide - avatar Andrew Thornhill, Research botanist at the Botanic Gardens and State Herbarium of South Australia/Environment Institute, University of Adelaide

Vital Signs: for the best election predictions, look to the betting markets, not the opinion polls

It turns out that betting markets are quite good predictors, on average.www.shutterstock.comOpinion polls haven’t done too well in some important recent elections.Polls failed to foresee the Bre...

Richard Holden, Professor of Economics, UNSW - avatar Richard Holden, Professor of Economics, UNSW

What I learned from Bob Hawke: economics isn't an end itself. There has to be a social benefit

When I was growing up in Adelaide in the 1970s I wanted to be like Bob Hawke. Other kids generally wanted to be cricket, football or rock stars. I wanted to be a research officer with the Australian C...

Tim Harcourt, J.W. Nevile Fellow in Economics and host of The Airport Economist, UNSW - avatar Tim Harcourt, J.W. Nevile Fellow in Economics and host of The Airport Economist, UNSW

GetUp!'s brand of in-your-face activism is winning elections – and making enemies

GetUp! protesters outside the second leaders' debate in Adelaide earlier this month.David Mariuz/AAPIt can be hard for a political cause to get noticed in a jaded world awash with information, but con...

Mark Rolfe, Honorary associate, School of Social Sciences, UNSW - avatar Mark Rolfe, Honorary associate, School of Social Sciences, UNSW

VIDEO: Michelle Grattan on the passing of Bob Hawke - and the final campaign push

University of Canberra Deputy Vice-Chancellor Leigh Sullivan speaks to Michelle Grattan about the week in politics. They discuss the passing of former Labor prime minister Bob Hawke and his legacy, as...

Michelle Grattan, Professorial Fellow, University of Canberra - avatar Michelle Grattan, Professorial Fellow, University of Canberra

As we face pressing global issues, the pavilions of Venice Biennale are a 21st century anomaly

One of the most powerful images at this year's Venice Biennale is Christoph Büchel's Barca Nostra, 2018-2019, Shipwreck 18th of April 2015. La Biennale di VeneziaThe 58th Venice Biennale of Art o...

Felicity Fenner, Associate Professor at UNSW Art & Design, UNSW - avatar Felicity Fenner, Associate Professor at UNSW Art & Design, UNSW

This is what happens to a baby's body during birth

Delivering a human baby – which has a large, highly developed brain – is risky for mother and baby. jaredandmelanie/flickr , CC BYPregnancy, labour and delivery are incredibly physically ...

Ian Wright, Professor of Paediatrics and Child Health Research, University of Wollongong - avatar Ian Wright, Professor of Paediatrics and Child Health Research, University of Wollongong

Final poll wrap: Race tightens in Ipsos and Dutton just ahead in Dickson, plus many more seat polls

The election campaign is finally coming to an end, with Australians to head to the polls tomorrow.AAP/Bianca de Marchi/Tracey NearmyThe federal election will be held tomorrow. Polls close at 6pm Austr...

Adrian Beaumont, Honorary Associate, School of Mathematics and Statistics, University of Melbourne - avatar Adrian Beaumont, Honorary Associate, School of Mathematics and Statistics, University of Melbourne

imageWith a few lines of code, cyber criminals and governments have able to infiltrate the security of banks and retailers and steal hundreds of millions in customer records. Shutterstock

JPMorgan Chase early last month disclosed that cyber thieves pilfered account data on 76 million households and seven million small businesses over the summer, one of the biggest breaches ever and only the latest of the many that have made headlines in recent years. Such thefts are beginning to seem as inevitable as death and taxes.

Even worse, while some breaches are widely reported in newspapers, many more occur at small firms and receive hardly any attention at all. Since 2005, there have been more than 4,400 data breaches that have exposed close to a billion records in all, according to Privacy Rights Clearinghouse, a California non-profit that advocates for consumer privacy.

The repeated breaches lead us to ask the obvious questions: why are we seeing so many? Why are firms not protecting our data more aggressively? And what can we do about it?

As more and more data migrates into the digital realm and firms increasingly link with one another and with their consumers on faster and ubiquitous broadband networks, it is inevitable that at least some of this information will leak, whether through carelessness or malintent. But we should be able to expect that firms are investing sufficiently in their network security to keep our data as safe as possible.

Some of this is definitely happening, and firms are increasingly paying more attention. A week after JPMorgan’s disclosure, for example, the bank said it would likely double its US$250 million cybersecurity budget.

It’s important to note that data breaches do not directly hurt the firm; they most directly harm the consumer, whose personal information could then be used for fraud and identity theft. This is what economists call an “externality,” making it less likely that the company will voluntarily fix the problem since it doesn’t bare the cost. Another example of an externality is pollution, which affects not the owner of the facility but citizens living downstream from the carbon-spewing plant.

imageJPMorgan Jamie Dimon vowed to double his bank’s cybersecurity budget following the disclosure that 76 million household records were stolen.Steve Jurvetson/Flickr via CC BY, CC BY

Shining light on lapses

To deal with externalities, governments generally impose taxes and fines to recoup the resulting costs to society or penalize the behavior. In the case of data breaches, policymakers have generally used transparency as a way to ensure companies suffer some of the costs of information theft.

One of the most popular tools used are data breach notification laws, fashioned after one California passed in 2003. Currently 47 states have passed similar laws that require firms to send notices of any breaches to consumers alerting them to take certain preventive steps. The notifications are also intended to put the firm in an embarrassing position by being forced to disclose its poor security practices and thereby creating incentives to invest to better protect its data.

The Security and Exchange Commission is considering a similar effort to provide guidelines on how and when companies should disclose these risks and actual cyber attacks in their regulatory filings. These types of rules, coupled with the intense media attention following a data breach or security lapse at a firm, are meant to shine light on poor practices in hopes that the market and competition goads companies into taking adequate security precautions.

Holding companies liable

But, looking at the frequency of data breaches, these efforts do not seem to be adequate in stopping or even slowing down the pace of data breaches. So what else can we do? One possibility would be to amend tort laws so that firms that suffer a breach are held directly liable for any harm to consumers and forced to compensate them for any losses. California recently proposed an amendment to its data breach notification law that would also make retailers liable for customer financial losses. It is not clear if the bill will pass though.

A more far reaching approach would be to pass a uniform, national notification law, an idea that is being widely discussed. Currently we have a hodgepodge collection of regulations from one state to the next that seem to be satisfying no one. A federal law focused on strong transparency and penalty for negligence might provide the right kind of incentives for firms to protect customer data without the government dictating the terms.

The weakest links

But even if security at the large banks and retailers became impenetrable, thieves could still find way to steal data via third-party vendors, which do not face the same level of public scrutiny and do not have budgets to hire cyber security people of their own. Thus they are not as secure as the banks and major retailers.

The data breach that hit Target, for example, happened because of a third-party vendor. It is likely that many of these companies will have to get some sort of certification or provide contractual warranties to prove their systems cannot be easily exploited.

Criminals looking to make a quick buck from our data, of course, are not the only ones behind all the breaches. Many fingers have pointed to nation states and it is not clear whether private firms could ever invest enough in cybersecurity to thwart such attacks. It would be prohibitively costly to do so.

Companies likely need the help of their own governments, but private firms naturally find it difficult to share sensitive information, with an agency or in an SEC filing. They have more incentives to cover up data breaches.

There have been attempts to establish public policy that encourages companies to share information on intrusions and data thefts. Some of the newer proposals in the Senate and House outline ways to make it attractive for private firms to share sensitive security breach data with government agencies, even providing liability protection. The question is whether such a bill can pass or how effective it would be in spurring useful data sharing.

It will be a costly if we hope to reduce the frequency of cyber attacks and prevent the loss of our names, addresses, telephone numbers, credit card details and other private data. And those costs will likely be passed onto consumers through higher prices. At the end of the day, if we want more security (just like a safer car), then consumers have to demand it and be willing to pay for it. The hope is that in the long run, security becomes a default rather than an option.

_This article is part of a series on cybersecurity. More articles will be published in the coming weeks.

image

Rahul Telang does not work for, consult to, own shares in or receive funding from any company or organisation that would benefit from this article, and has no relevant affiliations.

Read more http://theconversation.com/jpmorgan-hack-signals-banks-and-retailers-can-do-more-to-keep-our-data-safe-32659