When one considers some of the hotly debated issues of this Obama era, they often boil down to a single, overriding question: How far should the government go in regulating things such as health care, privacy, free speech, etc.? In other words, where does personal responsibility end and government responsibility begin?
This question was particularly brought to my mind by a recent Associated Press article, which noted that cyber criminals are increasingly targeting small and medium-sized businesses. These companies don't have the same resources as larger ones, which continually update their computer security and have more sophisticated systems, according to an official of the U.S. Secret Service's office of investigations.
According to AP, organized cyber groups based abroad are waging many of the attacks. They are stealing not only credit card numbers, but also personal information—including Social Security numbers—of the cardholders.
The article adds that lawmakers working on cyber security legislation are pressing for the Obama administration to do more to prevent such attacks. But just what do these people want the government to do? If a smaller company—say a Tier III insurer or and independent agency—doesn’t spend money on basic protections, does that mean the taxpayer has to step in and buy a security software suite or firewall device for the company or agency?
The very idea is ridiculous. In this Internet age, virtually no one is unaware of the basic need to protect systems and data. In the insurance industry in particular, where customer data is our very lifeblood, it is sheer lunacy to leave such information and systems vulnerable to attack. But more importantly, whose responsibility is it to protect customer data that resides on company systems? The answer—unless you are GM or Chrysler—is that the buck stops with the company. Believe it or not, Big Brother is not always watching us, and the safety of business systems would likely not be his No. 1 priority if he were doing so.
Are we seriously suggesting that the federal government should take responsibility for the security of business data and systems? Remember, this is the same federal government whose own systems have been repeatedly hacked by foreign governments and by technologically gifted slackers who seem to have nothing more constructive to contribute to society. This is also the same administration that, despite much bombast, has not appointed a cyber-security czar.
And what of the cost issue? Unless you’re a startup working out of your garage, chances are that basic computer security technology is not out of your price range. In fact, most PCs come pre-loaded with much of what is needed. It may be true that the largest companies can more easily afford sophisticated intrusion detection technology, but some pretty good technology can be had at lower prices as well.
In the end, all companies must face the fact that basic data protection is a cost of doing business in this era. To whine about the cost and ask that the federal government provide a handout is foolish and counterproductive. Can’t you just see the bad guys chuckling as they spend all of 10 minutes cracking the standard government issue firewall?
That being said, however, government does have a role in protecting us. Our leaders must be vigilant in tracking down and capturing cyber-criminals, and once they come to trial, the penalties must be significant. Further, the sentences handed down should in no way reflect the amount of loss suffered by the victim—let them be lengthy prison stretches regardless of whether the offended party is a multinational insurer in New York or a mom-and-pop agency in North Dakota.
Ara C. Trembly (
The opinions posted in this blog do not necessarily reflect those of Insurance Networking News or SourceMedia.
