Security industry estimates indicate that it costs $100 per person for notification/remediation about a data breach. Add to that the beneficial economic spinoffs from consulting fees, credit monitoring fees, and Identity Theft Insurance premiums, tuition fees to teach a new generation of cyber sleuths and government agents, etc., etc., and it becomes hard to dispute that there just might be a method to this madness.
Imagine the economic impact if USBs were encrypted by default or if individuals were properly educated, starting in kindergarten, to be able to be knowledgeable and self-sufficient about privacy and computer technology, instead of being ignorant about scams and online predators, and reliant (hostage) on third parties for advice and protection. What would happen to the consulting and license fees paid to the security software and consulting firms of the world? What would happen to the new Identity Theft Insurance industry that has been spawned by breaches, inadequate privacy awareness, and fallible security?
And what would the political fallout be when an educated public is harder to bamboozle and reduces its reliance on third parties? How easily could the economy, and the government, withstand the consulting/security sector shrinking, resulting in temporary increases in unemployment and a reduced tax base as that sector adjusts to a new reality. And what sort of questions would come from an educated populace?
Who could withstand the scrutiny of an electorate that is well enough educated to know the right questions to ask. Who would venture a guess as to why — for all the billions spent on improved security, system upgrades, and public awareness campaigns — has there been so little improvement; nay, why have the breach rates continued to climb?
Why has there been so little education to enable individuals to be knowledgeable about handling, divulging, and safeguarding sensitive information.
Why haven’t schools embedded digital citizenship and privacy into the mandatory curriculum, starting in kindergarten (by which time many children have already been using tablets and smart phones)?
Why haven’t governments written laws to limit the amount of personal data that industry and government may gather and commoditize?
Why have people (including the same ones who work in the organizations that collect and broker endless reams of data about us and themselves) been so reticent to question the message that nobody cares about their own privacy, and that giving up our privacy and other freedoms is good and right and necessary so that we can be saved from…. well, we were originally told that it was to save us from terrorists but we might want to reconsider just who that is and what their motives really are. And what is the real cost to us all.