The 2012 Workshop on the Economics of Information Security is underway today in Berlin. The first paper presented this morning was Empirical Analysis of Data Breach Litigation, a survey of 230 federal data breach lawsuits from 2005 to 2010.
Some highlights:
- Currently, about 4% of breaches lead to lawsuits
- Financial data losses are more likely to lead to lawsuits than losses of medical or personal information. Providing free credit monitoring services reduces the likelihood of a lawsuit by 83%.
- Settlement fees were available for only 28 cases. Of those, mean plaintiff settlements were $2,500 (min = $500, max = $15k, n = 19) per plaintiff. Mean attorney’s fees for the defense were $1.2m (min = $8k, max = $6.5m, n = 15).
The paper includes a predictive model to estimate the probability that a particular breach will lead to a lawsuit. It’s a worthwhile analysis for identifying the key elements that lead to a lawsuit and for managing your liability exposure more tightly.
Thanks to Alessandro Acquisti, David Hoffman and Sasha Romanosky for the much-needed analysis.