You'll See This Message When It Is Too Late

From Information Policy

You'll See This Message When It Is Too Late

The Legal and Economic Aftermath of Cybersecurity Breaches

By Josephine Wolff

What we can learn from the aftermath of cybersecurity breaches and how we can do a better job protecting online data.





What we can learn from the aftermath of cybersecurity breaches and how we can do a better job protecting online data.

Cybersecurity incidents make the news with startling regularity. Each breach—the theft of 145.5 million Americans' information from Equifax, for example, or the Russian government's theft of National Security Agency documents, or the Sony Pictures data dump—makes headlines, inspires panic, instigates lawsuits, and is then forgotten. The cycle of alarm and amnesia continues with the next attack, and the one after that. In this book, cybersecurity expert Josephine Wolff argues that we shouldn't forget about these incidents, we should investigate their trajectory, from technology flaws to reparations for harm done to their impact on future security measures. We can learn valuable lessons in the aftermath of cybersecurity breaches.

Wolff describes a series of significant cybersecurity incidents between 2005 and 2015, mapping the entire life cycle of each breach in order to identify opportunities for defensive intervention. She outlines three types of motives underlying these attacks—financial gain, espionage, and public humiliation of the victims—that have remained consistent through a decade of cyberattacks, offers examples of each, and analyzes the emergence of different attack patterns. The enormous TJX breach in 2006, for instance, set the pattern for a series of payment card fraud incidents that led to identity fraud and extortion; the Chinese army conducted cyberespionage campaigns directed at U.S.-based companies from 2006 to 2014, sparking debate about the distinction between economic and political espionage; and the 2014 breach of the Ashley Madison website was aimed at reputations rather than bank accounts.


$29.95 T ISBN: 9780262038850 336 pp. | 6 in x 9 in


  • This is the kind of book whose cogent organization and clear writing sticks with you… Essential.



  • “This is a critical work explaining the interplay between cybersecurity technology, policy, and law. Through the deft storytelling of nine major cyberattacks, Wolff illustrates how liability and blame hinder our attempts to make the Internet more secure. A must-read for anyone trying to understand how cybersecurity technology and policy play out in the real world.”

    Bruce Schneier, author of Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World

    Chief Technology Officer of IBM Resilient and fellow at Harvard University's Berkman Center

  • "You'll See This Message When It Is Too Late provides a fresh perspective on cybersecurity. With attention to the legal and policy decisions that impact cybersecurity efforts, Wolff offers hope that there are more ways to enduringly defend against attacks than we may think."

    Jonathan Zittrain, Professor of Computer Science and George Bemis Professor of International Law

    Harvard University

  • “Wolff's book challenges conventional wisdom about cybersecurity with insight, theory, and case studies, concluding that focusing on nontechnical aspects of cybersecurity offers much more leverage than techies realize.  Read it!”

    Herbert Lin, Senior Research Scholar and Hank J. Holland Research Fellow

    Stanford University