Cybercrime and data breaches have been on the rise for many years, and it is not surprising that the threat of cybercrime has become a bigger concern for people than the threat of real, physical criminal acts. A recent report issued by Sophos, Ltd. indicates that people are now more worried about being the victim of a cyber attack than of being the victim of a traditional physical crime. This shift in people’s state of fear makes sense in light of how cyber threats have been evolving over the years. Much is at stake when you are victimized by a cybercrime.
Some Surprising Statistics About People’s Perception of Cybercrime
Cybercrime and cyber threats are often considered a technologically complicated matter. Many people do not fully understand what a cybersecurity threat is, or how it can truly affect them. This paradox is interesting because many people worry about protecting their homes, businesses, and vehicles from physical acts of crime such as robbery and burglary, but do very little to protect themselves from cyber security threats. Interestingly, the Sophos report noted that:
- While 63% of people surveyed had a fear of suffering financial losses due to cybercrime, 30% reported being inadequately educated about common cyber security threats such as phishing and ransomware.
- 61% are concerned about their computers being controlled by a hacker.
- Only 14% understood, knew, or were certain that they could back up, and had backed up, their computer system data to another computer or server.
- 11% had no idea if their computer system was secured against viruses and hackers.
While it is a step in the right direction to know that cyber security threats exist and that they can wreak havoc on your computer system, what is more important is taking steps to protect your system from these threats. Basic security measures such as installing firewalls and backing up data can go a long way toward reducing the impact that a system breach can have on your day-to-day operations, and yet very few people perform these basic safety measures regularly, if at all. This is troubling in light of the fact that cybersecurity threats are on the rise.
Basic education about what cybersecurity is, what threats exist, and how to protect your system against these threats can be invaluable to you. It is better to prepare against a cyber attack before it happens than to deal with the consequences of being unprepared after your system has been ransacked by a data breach.
The field of cyber security is relatively new and complicated, not to mention that it is constantly changing. Handling data security breach issues can be tough and overwhelming to a recently victimized business or individual, and we want to help. Revision Legal has worked with numerous companies across the country in the past to navigate data security breaches and other cyber security issues. Please feel free to contact the cybersecurity and breach notification lawyers at Revision Legal by using the online form on this page or call us at 855-473-8474.
The Financial Consequences of Cybercrime: What the Statistics Show
The fear of cybercrime reflected in the Sophos data is grounded in economic reality. The FBI’s Internet Crime Complaint Center (IC3) reported that cybercrime cost Americans over $12.5 billion in 2023 — a record high and a nearly 22% increase from the prior year. Business email compromise (BEC) scams alone accounted for over $2.9 billion in losses. Ransomware, investment fraud, and phishing rounded out the major categories of reported cybercrime loss. These figures almost certainly understate the true cost of cybercrime, as many victims — particularly businesses — do not report incidents to law enforcement out of concern for reputational damage or customer confidence.
For individuals, identity theft remains the most direct and damaging consequence of cybercrime. The FTC received over 1 million identity theft reports in 2023, with government document or benefits fraud, credit card fraud, and bank fraud topping the list. Victims of identity theft spend an average of dozens of hours resolving the consequences — disputing fraudulent accounts, filing police reports, placing credit freezes, and communicating with creditors — in addition to any direct financial losses they are unable to recover.
The Legal Framework Protecting Cybercrime Victims
Federal law provides a framework of both criminal and civil remedies for cybercrime victims, though practical recovery depends heavily on the ability to identify and serve the perpetrators. The Computer Fraud and Abuse Act, 18 U.S.C. § 1030, is the primary federal cybercrime statute, prohibiting unauthorized access to protected computers and authorizing civil actions by victims who sustain losses of at least $5,000 in any one-year period. Victims who can identify the perpetrators may seek actual damages, equitable relief, and attorney’s fees.
The Identity Theft Enforcement and Restitution Act amended the CFAA to explicitly authorize restitution orders in criminal prosecutions, allowing courts to require convicted cybercriminals to compensate victims for their losses. The Electronic Communications Privacy Act creates civil liability for illegal interception of electronic communications. State computer fraud statutes often provide lower damages thresholds than the CFAA and may offer additional civil remedies not available under federal law.
Business Legal Obligations in the Face of Rising Cybercrime
For businesses, the rise of cybercrime creates not just victimization risk but affirmative legal obligations. The FTC has used its authority under Section 5 of the FTC Act, 15 U.S.C. § 45, to bring enforcement actions against companies that failed to implement reasonable cybersecurity practices, holding that such failures constitute unfair business practices that harm consumers. Companies like Wyndham Hotels, LabCorp, and several mortgage servicers have faced FTC enforcement actions and consent decrees requiring mandatory cybersecurity programs and independent security audits for periods of 20 years or more.
State attorneys general have also been active cybersecurity enforcers. New York’s SHIELD Act requires any business handling New York residents’ private information to implement reasonable cybersecurity measures — a requirement that applies to out-of-state businesses with New York customers. California’s CCPA and CPRA give consumers a private right of action for certain data breaches resulting from a business’s failure to implement reasonable security procedures. The trend in state legislation is clearly toward expanding both the scope of mandatory security obligations and the penalties for non-compliance.
Steps Businesses Should Take Now
The gap between the 63% of people who fear cybercrime and the small percentage who have taken concrete protective measures is a leadership and education problem that businesses can address for themselves and their employees. Effective organizational cybersecurity starts with leadership commitment to treating security as a core business function — not an IT afterthought. Specific steps that produce measurable risk reduction include:
- Requiring multi-factor authentication on all systems that hold personal information or financial data, eliminating the most common pathway for credential-based breaches.
- Maintaining regular, tested offline backups — the most effective defense against ransomware.
- Conducting regular security awareness training tailored to the actual threats facing your industry and organization size.
- Developing and testing an incident response plan before a breach occurs, so the first hours after discovery are spent responding — not planning.
- Engaging experienced data breach counsel to audit your notification obligations and contractual data security requirements before a breach occurs.
The attorneys at Revision Legal advise businesses on cybersecurity legal compliance, data breach response, and the full range of federal and state legal obligations triggered by the constantly evolving cybercrime landscape. Contact us using the form on this page or call us at 855-473-8474.
Image credit: Exclusive Networks