Empirical Analysis of Data Breach Litigation

The 2012 Workshop on the Economics of Information Security is underway today in Berlin. The first paper presented this morning was Empirical Analysis of Data Breach Litigation, a survey of 230 federal data breach lawsuits from 2005 – 2010.

Some highlights:

  • Currently, about 4% of breaches lead to lawsuits
  • Financial data losses are more likely to lead to lawsuits than medical or personal information. Providing free credit monitoring services reduces the likelihood of a lawsuit by 83%.
  • Settlement fees were available for only 28 cases. Of those, mean plaintiff settlements were $2,500 (min = $500, max = $15k, n = 19) per plaintiff. Mean attorney’s fees for the defense were $1.2m (min = $8k, max = $6.5m, n = 15).

The paper includes a predictive model to estimate the probability that a particular breach will lead to a lawsuit. It’s a worthwhile analysis for identifying the key elements that lead to a lawsuit and for managing your liability exposure more tightly.

Thanks to Alessandro Acquisti, David Hoffman and Sasha Romanosky for the much-needed analysis.
