Sony’s Movie Breach Could Cost $100M But Less Than Playstation Breach

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.claimsjournal.com/news/national/2014/12/15/259021.htm

Sony Corp.’s movie studio could face tens of millions of dollars in costs
from the massive computer hack that hobbled its operations and exposed
sensitive data, according to cybersecurity experts who have studied past
breaches.

The tab will be less than the $171 million Sony estimated for the breach of
its Playstation Network in 2011 because it does not appear to involve
customer data, the experts said.

Major costs for the attack by unidentified hackers include the
investigation into what happened, computer repair or replacement, and steps
to prevent a future attack. Lost productivity while operations were
disrupted will add to the price tag.

The attack, believed to be the worst of its type on a company on U.S. soil,
also hits Sony’s reputation for a perceived failure to safeguard
information, said Jim Lewis, senior fellow at the Center for Strategic and
International Studies.

“Usually, people get over it, but it does have a short-term effect,” said
Lewis, who estimated costs for Sony could stretch to $100 million.

It typically takes at least six months after a breach to determine the full
financial impact, Lewis said.

Sony has declined to estimate costs, saying it was still assessing the
impact.

The company has insurance to cover data breaches, a person familiar with
the matter said. Cybersecurity insurance typically reimburses only a
portion of costs from hacking incidents, experts said.

People claiming responsibility for the attack posted yet-to-be-released
Sony films online, including holiday musical “Annie.” Macquarie Research
analysts projected Sony would likely take an impairment charge of 10
billion yen ($83 million) related to the incident.

Mark Rasch, a former federal cyber crimes prosecutor, estimated costs could
run up to $70 million.

Losses in that range would not mean a big financial setback to Sony
Pictures Entertainment, which reported operating profit of $501 million for
the fiscal year through March.

But other effects, such as the loss of trade secrets, will be difficult to
measure, Rasch said. Hackers have released a trove of documents that
include contracts and marketing plans that could influence competitors’
strategies.

Costs could mount if Hollywood stars, producers or financiers decide to
take projects to Sony’s competitors.

“Will they be able to attract high-name stars if those stars believe their
personal information will not be protected?” he said. “How do you know what
business opportunities are lost? It’s hard to put a dollar figure on it.”

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!