The article, citing a recent study by the Center for Strategic and International Studies and McAfee, indicates that the global cost of cybercrime could range from $375 billion to $575 billion annually, and attributes the wide range in the estimated cost to security breach underreporting. According to the article, the lack of security breach data makes it difficult for (1) analysts to accurately quantify the costs and risks of cybercrime, (2) businesses to engage in risk management, and (3) customers to understand the safety of their information.
Data breach disclosure is regulated at the state level. According to a National Conference of State Legislatures report cited in the article, 47 states (including Connecticut) and the District of Columbia have laws requiring private and government entities to notify individuals of security breaches of personally identifiable information. Standards differ among states, but these laws typically have provisions addressing:
- who must provide notice of data breaches and how they must do so,
- what qualifies as “personal information,” and
- what constitutes a breach, including any exemptions.