A Changed Environment Requires a Changed Approach
Cisco Resolves Claims Related to Video Security Software Sold Between 2008 to 2014
As the world’s largest supplier of internet security hardware and software products and services, we’re reminded every day that the threat landscape continues to grow exponentially. Headlines remind us of the threats that can lead at the least to personal annoyance – think of the replacement of credit cards – but can also produce operational disruption – networks going down or ransomware attacks. Beyond that, as networked data becomes core to more and more activities, security failures can endanger national economic and physical security. A key mission for Cisco is to work to reduce and eliminate all of those risks.
The standards by which suppliers are judged are also changing. We, alongside our customers and stakeholders, are always demanding more. We intend to stay ahead of what the world is willing to accept. Nothing illustrates better the way standards are changing than our engagement in resolving a dispute involving video security software products sold by us in Cisco’s fiscal years 2008 through 2013. In short, what seemed reasonable at one point no longer meets the needs of our stakeholders today.
The software was created by Broadware, a company we acquired in 2007. Broadware intentionally utilized an open architecture to allow customized security applications and solutions to be implemented. Because of the open architecture, video feeds could theoretically have been subject to hacking, though there is no evidence that any customer’s security was ever breached. In 2009, we published a Best Practices Guide emphasizing that users needed to pay special attention to building necessary security features on top of the software they were licensing from us. And in July, 2013, we advised that customers should upgrade to a new version of the software which addressed security features. All sales of the older versions of the software had ended by September, 2014.
Evaluating these facts today, we’ve now agreed to make a payment that includes, what is in effect, a partial refund to the US federal government and 16 states for products purchased between Cisco’s fiscal years 2008 and 2013. The payment settles litigation that had originally been brought in 2011. The total sales at issue were well under one one-hundredth of one percent of Cisco’s total sales, and our total payment was $8.6 million, which includes payment of approximately $1.6 million to the individual who brought this to the attention of the government. While this is a legacy issue which no longer exists, it matters to us to recognize that times and expectations have changed.