Skip to Main Content

The Dangers of Data Breach Fatigue

There was a time, not so long ago, when we used fax modems to surf the Internet, stored our data on diskettes, and needed to possess both extraordinary intelligence and lightning fast typing skills to hack into computers.

Nowadays, anyone with a laptop and online connection can learn to break into a database, steal confidential information, and sell it online.

Unlike Matthew Broderick’s character in the 1983 movie War Games, the typical hacker is not a teenager in his parent’s basement breaking into the U.S. military systems and almost starting World War III. The typical cyber criminal  today is a man 35 years or older often working in groups of 6 or more. He’s in China or Indonesia, shutting down company websites or computer systems around the world through distributed denial of service (DDoS) attacks. (DDoS attacks can be quite lucrative for cyber criminals, especially if they’re used for cyber extortion.)

The facts are that cyber attacks and data breaches have become so common that we’re beginning to become numb to them, even when our personal data is compromised. Experts describe the phenomenon as data breach fatigue, brought about by a regular stream of data breaches in the news that seemingly have little effect on the lives of customers. When credit card information is stolen, customers receive new cards and don’t have to pay for fraudulent charges. When JP Morgan Chase suffers a data breach, the firm sees little or no increase in fraudulent activity. Sure, people may stop shopping at a particular store for a short period of time, but memories are short and convenience often overcomes concerns we once had.

If you follow this blog series, you know the dangers of this type of thinking. Even if a business has managed to avoid or survive a data breach, it may not be successful the next time. And believe me, there very likely will be a next time.


Shawn Dougherty

Shawn Dougherty is the assistant vice president of ISO's Specialty Commercial Lines Division. He is responsible for providing the overall direction, leadership, and client service for ISO's cyber liability (e-commerce), D&O (management protection), businessowners, crime and fidelity, financial institutions, employment-related practices liability, and professional liability (other than medical) insurance programs. He is also the ISO product manager for the Lloyd's Wordings Repository, an electronic database of policy wordings and clauses regularly used within the London market. Mr. Dougherty has worked at ISO since 1988.


You will soon be redirected to the 3E website. If the page has not redirected, please visit the 3E site here. Please visit our newsroom to learn more about this agreement: Verisk Announces Sale of 3E Business to New Mountain Capital.