by Rep. Ed Perlmutter (CO-07)
In 2014, almost half of American adults had their personal information exposed – primarily through data breaches at large companies. According to Duo Security, data breaches targeting consumer information increased 62 percent from 2012 to 2013, with a 594 percent increase in stolen records or identities.
IBM estimates businesses are attacked an average of 16,856 times a year – or 46 attacks on every business every day, nearly two attacks an hour. The average cost of a data breach is now $3.8 million, up from $3.5 million a year ago, according to data security research organization, Ponemon. Congress can no longer sit idle as our national security, businesses and constituents are increasingly at risk.
Each hack exposes vulnerabilities and compromises our personal information including our privacy, financial records and identifications. Data breaches most commonly expose personal information such as name, debit or credit card, email, phone number, birthday, password, security questions and physical address. This inconveniences our lives requiring new credit cards, credit monitoring and ID theft protection.
It is time for businesses of all sizes to get serious about fortifying their systems and mitigating the impacts of cyber-attacks and data breaches for themselves and for consumers. In September, I introduced the Data Breach Insurance Act to help prevent massive data breaches that compromise millions of American’s private and personal information.
H.R. 6032 offers a two-prong approach by providing a fifteen percent tax credit to companies who purchase data breach insurance coverage and adopt the National Institute of Standards and Technology (NIST) Cybersecurity Framework or any other standard approved by the Secretary of Treasury. In response to President Obama’s Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, NIST developed its Cybersecurity Framework with extensive private sector input and released it in February 2014. According to NIST, thirty percent of businesses currently use the cybersecurity framework to help manage their cyber risk.
The adoption of a cybersecurity framework helps prevent breaches on the front end and provides insurance to protect businesses on the back end. In addition, the credit can help offset some of the costs associated with implementing the cyber frameworks such as risk assessments, hardware/software upgrades, employee education, training, and vendor testing.
The Data Breach Insurance Act helps businesses realize the value proposition of purchasing data breach insurance and the NIST Cybersecurity Framework as risk mitigation tools. This legislation will also help foster a robust data breach and cyber liability insurance marketplace to help businesses cover legal and liability costs, costs of notifying affected consumers, business interruption, settling cyber extortion threats, among others.
With more devices, new device types, more users, and more data coming on line each year, public and private businesses along with government must work together to develop effective weapons to protect, detect and respond to cyber-attacks. As cyber-attacks become more invasive, sophisticated and frequent, it’s imperative that we stay committed to protecting the security of our businesses and constituents.
Representative Perlmutter is a member of the House Committee on Financial Services and the House Committee on Science, Space & Technology.