background image
18
T H E P R I M E R U S P A R A D I G M
Small, Medium-Sized Businesses Not Immune
From Cyber Attacks and Data Breaches
Target, Home Depot, Chase Bank and
now Sony Pictures Entertainment. Not
a week goes by when news headlines
aren't filled with announcements that
another American-based company is the
victim of a data breach or cyber attack.
While larger companies are grabbing the
most attention, small and medium-sized
businesses (SMBs) are also at risk of
having their sensitive customer (and even
employee) data breached. Though less
publicized, these breaches have occurred
throughout the country and can have
substantial impacts on "mom and pop"
companies with limited resources.
Depending on the motives, SMBs
may make more attractive targets for
cyber-thieves. Because SMBs typically
have fewer resources to combat these
threats, cyber-thieves see SMB customer
data as "low-hanging fruit." Hackers and
other data thieves know these smaller
companies often possess valuable
customer information and may not be
appropriately protecting this data from
theft or inappropriate disclosure.
A data breach can be far more
devastating for an SMB than a larger
company. Although SMBs typically hold
less customer data, hackers and data
thieves who target SMBs are most likely
motivated solely to use the customer data
in an inappropriate manner. In contrast,
hackers or data thieves who attack
large corporations may have different
motivations that are not solely for
financial gain. For instance, some of the
international hackers who have breached
large corporations' data were politically
motivated. Some are merely chasing the
thrill of breaching large corporations'
IT security systems and the resulting
publicity, possibly never using or selling
the stolen data.
The motivation to use customer data
is particularly important. In consumer
lawsuits dealing with data breaches,
one of the key issues is whether the
consumer's data has been used in an
inappropriate or criminal manner.
Financially-motivated hackers and
data thieves typically sell the customer
information they acquire or use it
themselves to create fraudulent accounts
or access existing accounts. Whether
customers actually suffer economic
losses from the misuse of their stolen
information during a data breach could
be paramount in determining the level of
a company's potential financial exposure
in litigation following a data breach.
Remijas v. The Neiman Marcus Group,
LLC, 2014 U.S. Dist. LEXIS 129574
(N.D. Ill. 2014)
.
While data breaches for large
companies may not always be financially
motivated (and therefore may not result
in the misuse of stolen customer data),
if a cyber attack occurs against a SMB,
it can be presumed that the hackers/
criminals targeted the business in order
to misuse the customer data for their
North America ­ United States
Jonathan W. Macklem represents and advises clients on a
broad range of matters. He is a member of the firm's cyber
and data breach liability, business and commercial litigation,
insurance, labor and employment, and technology and emerging
growth companies practice groups.
J. Paul Zimmerman's practice primarily focuses on business
and commercial litigation in the areas of cyber and data breach
liability, technology and emerging growth companies, trade
secrets, insurance, and class action and complex litigation. He
is a member of The Sedona Conference Working Group 1 and
co-chair of CLM's eDiscovery and ESI Committee.
Richard E. Smith is one of Christian & Small's founding partners
and has been an integral member of the firm's litigation group
his entire legal career. His practice focuses primarily on complex
and corporate litigation for clients in the financial services, health
care and construction industries, as well as corporate entities in
other industries.
Christian & Small LLP
505 North 20th Street
Suite 1800 Financial Center
Birmingham, Alabama 35203
205.545.7456 Phone
205.328.7234 Fax
jwmacklem@csattorneys.com
jpz@csattorneys.com
resmith@csattorneys.com
csattorneys.com
Jonathan W. Macklem
Richard E. Smith
J. Paul Zimmerman