The U.S. elections of 2016 have resulted in some of the most heated debates across a number of contentious issues. The personalities involved in the run up to the November presidential election are an explosive mix and the resulting accusations and mudslinging makes for great TV. The accusations range in tone from almost playground jibes, such as the one made towards Cruz, by Trump, saying his Canadian birth could make the senator “vulnerable”, to serious accusations that could materially impact the candidate’s status. Jibes like this may muddy the electoral waters, but the more serious accusations that we’ve seen recently against Hillary Clinton, can have much further repercussions.
Around this time last year, there was a bit of a storm around Hillary Clinton, then secretary of state, who had been revealed as using a private, home-based, server to manage her emails. At the time, she was accused of using this system to prevent freedom of information requests and searches. Clinton defended herself by saying the emails were not deemed as ‘classified’, something that has since been hotly disputed. The press lambasted her for creating her own, ‘homebrew’ email system; the security of which was uncertain and which gave her powers of control over her emails that rankled those wanting transparency from their politicians. This level of irritation over the use of a personal server was not unfounded. If an issue of state security did occur, it would be vital to have full disclosure of emails. We would then have to rely on Clinton’s word that she had disclosed them, or that she could prove no malicious disclosure had occurred – not an ideal situation for any government to have to deal with. Just to give you an idea of the scale of this issue, so far 1200 emails from that homebrew sever have been checked and retro-actively marked as ‘classified’.
The truth of the matter may never fully come to light, but the story of Hillary Clinton’s ‘EmailGate’, rumbles on. We are now finding out that some of those emails Clinton originally stated were not classified, were in fact, top secret emails.
Trump, a master of marketing, has of course used this to his own advantage. He is using ‘EmailGate’ to damage Clinton’s reputation because of her poor handling of security. Clinton may also find more than her reputation damaged if any subsequent issues come to light, especially around security.
Ignore Security at Your Peril
Poor security choices may well cost Clinton the presidency. But she isn’t the only one damaged by not taking security and privacy seriously. We are currently watching the world of cyber-crime explode; in fact, Senator John Kerry has described the situation as being, “…pretty much the wild west…” and stated that he fully expects the Russians and Chinese to be reading his emails. In the last few years we have seen a general increase in the likelihood of a successful cyber-breach. Privacy Rights Clearinghouse which is a non-profit U.S. based organization, sets out to spot trends and quantifies breaches. You can go to their ‘data breaches timeline’ and see the level of breaches per year since 2005. In 2010 there were just fewer than 13 million records breached. In 2014 this figure had risen to almost 68 million breached records, and in 2015 there were a staggering 159, 436, 735 records compromised. This means an awful lot of organizations and the people who head them are seeing financial penalties and their reputations damaged.
Cyber-litigation On the Increase: Now it’s Personal
These cyber-breach figures are not only resulting in an awful lot of stolen data, they are translating into litigation. The Federal Trade Commission (FTC) can and does prosecute firms for poor security measures. In 2015 the FTC made a ruling that will impact all companies who are custodians of data, especially of customer data. The ruling came out of the case of the FTC vs. Wyndham Hotel and Resorts where Wyndham failed to give reasonable protection to personal customer details. The FTC can now more readily bring cybersecurity cases to court and prosecute businesses that do not put in place good measures to protect customer data.
The massive breach suffered by retailer Target has resulted not just in reputational damage, but major financial losses. Resulting lawsuits by banks and credit unions associated with the firm have amounted to $39 million; a class action by Target customers is also in progress against the retailer.
And now it’s also getting personal. There is a human impact too, above and beyond the affected customers and the class actions; Target’s CIO, Beth Jacob, ended up resigning over the cyber-breach debacle. Donna Seymour, CIO of the Office of Personnel Management (OPM), who experienced a breach of around 22 million employee records last year, is now being sued because she failed to protect those individuals’ identity data. If this lawsuit is successful and chances are it will be, then we should expect to see more personal lawsuits taken out against executives of breached companies.
Reputation and Security Go Hand-in-Hand
One thing that we can be sure of in the Hillary Clinton ‘EmailGate’ case is that her reputation has been irreversibly tarnished. Reputation on both a commercial and individual level is a very delicate matter and once lost is difficult to put right. Financial losses are one thing and very damaging they can certainly be, but to lose a reputation can mean a previously shining career is ruined. We can no longer hide behind our company lawyers. As executives we need to take control of our cybersecurity strategy and ensure that from the board level downwards, everyone takes security and privacy seriously.