Contact Us

Sony Hack: Costs of Cyber Attacks and DIY Data Management

Data Security

Cloud Hosting Becomes More Appealing for Data Security as the Costs of Cyber Attacks Add Up: A Lesson From Sony Pictures Entertainment

This blog post is for informational and educational purposes only. Any legal information provided in this post should not be relied upon as legal advice. It is not intended to create, and does not create, an attorney-client relationship and readers should not act upon the information presented without first seeking legal counsel.

The cyber-attack on Sony Pictures Entertainment, allegedly incited by the proposed release of the movie “The Interview” can provide a hard but necessary lesson for businesses considering the costs of managing and securing their information assets in-house rather than leveraging cloud hosting.

Indeed, the Sony hack is yet another example of the practical affects to a company’s bottom line that result from a large scale data security breach. One analyst is projecting that this breach could cost Sony as much as $100 million, not counting the unquantifiable loss in goodwill.  Sony has had to invest time and money to determine the cause of the security breach, the extent to which its files have been accessed and disseminated, and to reconfigure and redesign its data security policies. The company will also have to continue to spend money to pay for lawyers and others to try to mitigate its exposure. These legal steps have included cease and desist letters to all of the publications and outlets that have been publishing information obtained from the leak and defending the company in a recently filed class action law suit litigation from employees and, perhaps, later from shareholders alleging corporate waste and violations of directors’ fiduciary duty in failing to have adequate data security controls. The fees will also most likely include responding to investigations from governmental agencies that may include the Federal Trade Commission and Securities and Exchange Commission and, perhaps, state attorneys general.

Sony has also lost an immeasurable amount of goodwill and other valuable assets like strategic planning and trade secrets that affect a corporation’s profits. During the cyber attack, the hackers obtained confidential personnel records of its employees and numerous embarrassing emails from executives, all of which endanger Sony’s relationships with current and future employees, vendors and contractors, and talent. Other information obtained in the breach, like marketing information and strategies, forthcoming movies, documents relating to negotiating tactics, and other trade secrets will also cost Sony financially in terms of lost profits and competitive advantage, though a fixed number will be difficult to determine. Companies that do business with Sony, or whose managements receive guidance from Sony executives who sit on a company’s Board of Directors may also suffer losses, as communications between the company and a Board member who is a Sony executive that contain business-related information and strategy become public.

Against the backdrop of the costs of a data security breach of this scale, the potential value associated with moving an organization’s data to the cloud for storage and management becomes clearer. While cloud hosting is no guarantee against a massive cyber-attack, there are still potential benefits. The fees paid to purchase storage through a vendor leverage the cyber security experience of the cloud provider as a core business competency. That is, data security, to a great extent, the cloud hosting provider’s raison d’etre, at the heart of its business model and offerings. In addition, the move to a cloud platform may provide a level of defensibility with regard to investigations or litigation because cloud hosting providers typically employ the most current data security features, obtain independent security certifications, and regularly perform documented audits of their systems. Therefore, an organization may be able to establish that it conducted proper due diligence by reviewing the cloud vendor’s data security documentation and thus exercised reasonable steps to prevent a breach.

By Kenneth N Rashbaum Esq. and Jason M. Tenenbaum of Barton, LLP.

Posted on January 5, 2015 in Cloud Computing Industry

Share the Story

About the Author

Logicworks is a cloud automation and managed services provider with 25 years of experience in IT operations. To learn more about Logicworks, contact us at (212) 625-5454 or sales@logicworks.com.

Responses (3)

  1. […] ended with a cyber-security “bang” in the form of the Sony Pictures Entertainment cyber-attack and the breach at Deloitte, and 2015 is starting with a “boom” in healthcare privacy rules that […]

  2. […] When Sony Pictures Entertainment experienced a cyber-attack around the release of their movie “The Interview”, a hard and expensive lesson was learned. Not only were Sony’s eyes opened to the other security requirements for their industry, but businesses began considering the costs of managing and securing their information in-house rather than utilizing the Cloud. The cyber-attack on Sony cost them around $100 million, not including the loss incurred by the hit to their reputation. They’ve had to invest an abundance of time and energy into rebuilding and diagnosing what really caused the security breach. The unending amount of fees they face such as responding to investigations from the Federal Trade Commission and Securities and Exchange Commission, and potentially state attorneys general, will definitely add up and put a financial burden on the company. It also caused an insurmountable loss of good-will for Sony. They also lost valuable information like strategic planning and trade secrets that affect a corporation’s profits. The hackers got ahold of confidential personnel records of its employees and various embarrassing emails from executives. All of which endangered Sony’s relationships with employees, talent, contractors and vendors (Logicworks). […]

  3. […] When Sony Pictures Entertainment experienced a cyber-attack around the release of their movie “The Interview”, a hard and expensive lesson was learned. Not only were Sony’s eyes opened to the other security requirements for their industry, but businesses began considering the costs of managing and securing their information in-house rather than utilizing the cloud. The cyber-attack on Sony cost them around $100 million, not including the loss incurred by the hit to their reputation. They’ve had to invest an abundance of time and energy into rebuilding and diagnosing what really caused the security breach. The unending amount of fees they face such as responding to investigations from the Federal Trade Commission and Securities and Exchange Commission, and potentially state attorneys general, will definitely add up and put a financial burden on the company. It also caused an insurmountable loss of good-will for Sony. They also lost valuable information like strategic planning and trade secrets that affect a corporation’s profits. The hackers got ahold of confidential personnel records of its employees and various embarrassing emails from executives, all of which endangered Sony’s relationships with employees, talent, contractors and vendors (Logicworks). […]

Leave a reply

Back to Top