This question was particularly brought to my mind by a recent Associated Press article, which noted that cyber criminals are increasingly targeting small and medium-sized businesses. These companies don't have the same resources as larger ones, which continually update their computer security and have more sophisticated systems, according to an official of the U.S. Secret Service's office of investigations.
According to AP, organized cyber groups based abroad are waging many of the attacks. They are stealing not only credit card numbers, but also personal information—including Social Security numbers—of the cardholders.
The article adds that lawmakers working on cyber security legislation are pressing for the Obama administration to do more to prevent such attacks. But just what do these people want the government to do? If a smaller company—say a Tier III insurer or and independent agency—doesn’t spend money on basic protections, does that mean the taxpayer has to step in and buy a security software suite or firewall device for the company or agency?
The very idea is ridiculous. In this Internet age, virtually no one is unaware of the basic need to protect systems and data. In the insurance industry in particular, where customer data is our very lifeblood, it is sheer lunacy to leave such information and systems vulnerable to attack. But more importantly, whose responsibility is it to protect customer data that resides on company systems? The answer—unless you are GM or Chrysler—is that the buck stops with the company. Believe it or not, Big Brother is not always watching us, and the safety of business systems would likely not be his No. 1 priority if he were doing so.
Are we seriously suggesting that the federal government should take responsibility for the security of business data and systems? Remember, this is the same federal government whose own systems have been repeatedly hacked by foreign governments and by technologically gifted slackers who seem to have nothing more constructive to contribute to society. This is also the same administration that, despite much bombast, has not appointed a cyber-security czar.
Ara C. Trembly (www.aratremblytechnology.com) is the founder of Ara Trembly, The Tech Consultant and a longtime observer of technology in insurance and financial services. He can be reached at firstname.lastname@example.org.