Shostack + Friends Blog Archive


That wasn't so bad after all…

There’s an article in Wall Street and Technology, “When Risk Managers Cry Wolf.” It opens:

Avoiding “reputation risk” is a common justification for increasing security measures, protecting customers’ financial information and reporting security breaches in a timely manner. But now more than 18 months after the big ChoicePoint incident when 163,000 bogus accounts were created by ID thieves, the doom and gloom that financial services risk professionals have predicted has failed to come true.

So this means that the “reputation risk” card carries much less punch, now that consumers are content to have 97 million personal data records exposed since February 2005. Going forward, risk managers will need to rely more on the actual costs associated with data breaches, rather than play the reputation risk card.

Yep. These things don’t hurt nearly as much as some people were predicting. Can we move along, and start learning from them?

2 comments on "That wasn't so bad after all…"

Comments are closed.