Corporations with vested interests are forever extolling the virtues of the cloud. They are even prepared – in the process engaging in deceptive and misleading conduct in breach of trade practice-type legislation – to confidently assert (based on what, one has to query!) that the cloud is secure. It clearly isn’t, as hardly a day goes by without a report of a significant breach of security somewhere in the world because this or that corporation’s data in the cloud has been hacked. Let the stats speak for themselves:

“It is estimated that nearly 30,000 websites are infected with some type of malware every single day. Some attacks from recent history you may remember are the Target hack, where 70 million people had their information stolen, and also JP Morgan Chase where over 76 million households were affected and 7 million small businesses were compromised. Many people tend to think that only large companies are targeted by hackers, but that is not the case. Most of the businesses that are affected by hackers are small businesses and you do not want to be one of them! Personal blogs, company websites, and large news sites are just a few examples of the things hackers can target. Wherever they see an easy target, they will do anything to capitalize on it by spreading malicious software or stealing information. Some of these statistics will give you an idea about cyber attacks and how many people are affected by them.
  • According to Stopthehacker.com “it takes only 10 minutes to crack a lowercase password that is 6 characters long. Add two extra letters and a few uppercase letters and that number jumps to 3 years. Add just one more character and some numbers and symbols and it will take 44,530 years to crack.”
  • Nearly three quarters, 73 percent, of all Americans have fallen victim to some type of cyber crime.
  • “In a recent survey it was reported that 90 percent of all businesses suffered some sort of computer hack over the past 12 months and 77 percent of these companies felt that they were successfully attacked several times over the same period of time.”
  • “Over 27 million Americans have fallen victim to identity theft over the past five years. 9 million of them found their identities stolen in the last year alone.”

So, there is a hack, or a corporation or institution – a hospital, say, as happened recently – is held to ransom. There is undoubtedly a loss suffered and a cost associated with what has occurred. Intel Security puts the cost bluntly:

“Cybercrime is a growth industry. The returns are great, and the risks are low. We estimate that the likely annual cost to the global economy from cybercrime is more than $445 billion, including both the gains to criminals and the costs to companies for recovery and defense. A conservative estimate would be $375 billion in losses, while the maximum could be as much as $575 billion.”

The actual direct “victim” of the hack or subject of a ransom will almost certainly recover any loss it has suffered consequential to the cyber breach. Some insurer will pick up the tab for the loss. NetDiligence Cyber Claims Study 2014 provides some interesting stats:

“PII was the most frequently exposed data (41% of breaches), followed by PHI (21%) and PCI (19%).
 
Hackers were the most frequent cause of loss (30%), followed by Staff Mistakes (14%).
 
Healthcare was the sector most frequently breached (23%), followed closely by Financial Services (22%).
 
Third parties accounted for 20% of the claims submitted.
 
There was insider involvement in 32% of the claims submitted.
 
The median per-record cost was $19.84. The average per-record cost was $956.21.
 
The median cost for legal defense was $283,300. The average cost for legal defense was $698,797.”
 
But, one might well ask, what about the poor individual down the line whose data has become public property, or whose identity has been stolen or whose medical records are available to the world at large?

They don’t fare that well. In some jurisdictions legislation affords protection provided the claimant can establish loss and damage. But how to calculate that? A truly vexed question – and one not really properly addressed anywhere in the world.

One web site in the US providing free legal advice on whether an individual can sue for a hack paints this rather dismal picture:

“Not surprisingly, consumers who have had their personal data stolen have turned to the courts for redress.

Two former employees of Sony Pictures filed a class-action lawsuit in December charging that the company failed to properly secure sensitive employee information, such as Social Security numbers, birth dates, salary information, and medical information.

Sony reportedly kept important passwords in unencrypted Word documents with names that included the term “passwords.”

Consumer lawsuits based on data breaches rarely succeed, for a variety of reasons. For example, consumers may not be able to prove that they were actually harmed, but merely that they face the potential for harm.”

Until either legislation is put in place facilitating the ability to sue, or courts hand down decisions providing definitive guidelines on how the whole subject of loss and damage to the individual is to be dealt with, there can be little doubt that, with the increase in hacking, all one can presently do is:
  • not trust those who so confidently assert that the data they hold – that is, including yours – is secure from being hacked, and
  • better still, use LifeBank and HealthBank – totally off the cloud and fully encrypted – in order to keep secure, and safeguard, one’s private data from prying eyes.