The claim that companies should not be held liable for losses sustained in a successful attack made on their AIS by outside sources has raised divergent sentiments. However, a company should not only pay for the losses but also be held legally responsible for a successful attack on it. That follows from the fact that, even though numerous avenues exist for a successful attack on a company's AIS, many sophisticated security measures equally exist for ensuring that such an occurrence does not happen (Whitman & Mattord, 2012). Hence, there would be no justification for such companies not to be held liable. For instance, the Target Company is on record as having lost millions of dollars, as well as a similar amount of customer details, when its AIS was hacked by an unauthorized end user (Alexander, 2008). As a result, the company was found liable for various offences and was compelled to compensate its customers for the damage done to them.
In addition to the point made above, modern times have presented various means through which companies may protect themselves from the various sources of attack on their AIS. Various threats give rise to such attacks on a company's AIS, and if they are not attended to with precautions, the credibility of the whole system would be compromised. Taking Target Company for instance, its system was hacked through the use of debit or credit cards (Alexander, 2008). That is a clear indication that security controls ought to be taken seriously at the point of data collection, since it is the first point of weakness that attackers might use to gain access to a company's AIS. That is because an unapproved client may pose as a legitimate user while in reality being an impersonator trying to formulate ways of hacking into the system (Whitman & Mattord, 2012). Hence, no company ought to excuse itself from paying once its systems are attacked.
Further, if a company adopts all the necessary measures to protect its AIS, no attack on it would be possible. Most companies have installed sophisticated systems that reduce the chances of a successful attack on them. In addition, the entire workforce of a company is supposed to receive security training that would enable employees to detect any outside individual endeavoring to piggyback into the company's system (Gelinas & Dull, 2010). That way, the company would have ensured that the chances of a successful attack on the system are minimized, eliminating the notion that a company was effectively protected although an attack by outsiders on its system succeeded.
As a matter of fact, companies are mandated to establish and maintain adequate controls over financial reporting and to measure the effectiveness of such controls. That way, companies would be in a position to stay on top of their security measures in the ever-changing world of information technology (Whitman & Mattord, 2012). Hence, the argument that outside attackers have become more advanced in their quest to hack into companies' AIS would not hold water. That is because the companies also have the opportunity to up their game in technology so that their systems remain safe (Gelinas & Dull, 2010). Otherwise, arguing that companies ought not to pay would be equivalent to saying that they can relax their security measures, since they will not pay once they are attacked by outsiders. Taking Target Company for instance, it was believed that the management knew of the attack but took no action to prevent it (Alexander, 2008). How many companies would not do the same if we concur that they ought not to pay and be held liable for such attacks?
Alexander, P. (2008). Information Security: A Manager's Guide to Thwarting Data Thieves and Hackers. Westport: Greenwood Pub. Group.
Gelinas, U. J., & Dull, R. B. (2010). Accounting information systems. Australia: South-Western/Cengage Learning.
Whitman, M. E., & Mattord, H. J. (2012). Principles of information security. Boston, MA: Course Technology.