Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.
Cyber crime has surpassed the financial losses from traditional crimes. Fears of a major cyberattack on banks have been rising since hackers successfully stole nearly $100 million from Bangladesh’s central bank in February 2016. Shortly afterwards, Russian central bank officials disclosed that hackers stole more than $31 million (two billion rubles at the time) from the country’s central bank and commercial banks.
California adopted Government Code section 8586.5 creating the California Cybersecurity Integration Center. Its primary mission is to reduce the likelihood and severity of cyber incidents that could damage California’s economy, its critical infrastructure, or public and private sector computer networks in the state.
The market for cyber security is estimated to be more than seventy billion dollars ($ 70,000,000,000) in 2014. Of that amount, sixty-seven billion dollars ($ 67,000,000,000) is estimated to be spent nationally by private companies for computer and network security and the United States Department of Defense is planning to spend four billion six hundred million dollars ($ 4,600,000,000).
In the last decade the Federal Trade Commission (FTC) started to police companies for exposing the data they collect from consumers to the threat of breach. In a 2017 case the FTC filed an enforcement action against a company allegedly engaging in unfair and deceptive practices in the marketing and sales of routers and internet protocol (IP) cameras. The FTC alleged this company represented its products featured the latest wireless security to help prevent unauthorized access and the best possible encryption protections. The FTC also alleged this company failed to protect its products by not providing “easily preventable” measures against hard-coded user credentials and other backdoors, not maintaining the confidentiality of the private key the company used with consumers to validate software updates and not deploying free software updates to secure user’s mobile app login credentials. As a consequence the FTC alleged consumer sensitive personal information and local networks were at significant risk of being accessed by unauthorized agents.
The FTC initiated actions against Wyndham hotels and three subsidiaries, alleging that data security failures led to three data breaches at in less than two years. According to the complaint, these practices included several breaches including the failure to use readily available security measures, such as firewalls and storage of credit card information in clear text. According to the complaint, those failures resulted in millions of dollars of fraudulent charges on consumers’ credit and debit cards — and the transfer of hundreds of thousands of consumers’ account information to a website registered in Russia.
The FTC, argued these practices were ‘unfair’ acts prohibited by Section 5 of the FTC Act. An unfair act under Section 5 are those that “cause or are likely to cause substantial injury to consumers which are reasonably avoidable by consumers themselves and not outweighed by countervailing benefits to consumers or to competition.”
Companies that sell products or provide services related to cybersecurity are exposed to civil liability for claims of breach of express or implied warranty or negligence claims by consumers including possible class action lawsuits.