The rising cost of corporate data breaches
By Dave Jeyes
A recent study shows the cost of corporate data breaches rising steadily over the past few years. More alarming for consumers is the surprisingly high number of companies that prove to be repeat offenders.
The study on data breaches by the Ponemon Institute and sponsored by PGP, calculates the cost per stolen record across 43 companies. Ponemon has been conducting this survey annually since 2006.
Each individual record lost in a data breach costs a company an average of $202. This number grew 2.5 percent from $197 per record in 2007 and 11 percent from 2006.
The lion’s share of the cost is related to lost customers, especially among Financial and Healthcare companies. Institute Chairman Larry Ponemon says the study finds that, “the real punishment is brand diminishment.”
Overall, 43 percent of the cost of data theft results from lost customers. After that, the next most expensive aspect for companies is an audit service at 11 percent of the total cost.
Of the companies surveyed, 84 percent were repeat offenders when it comes to data loss. Less than half of the companies were implementing manual controls to prevent future breaches.
These findings send a clear warning to consumers who choose to remain with a company after a data breach. These are not isolated incidents that happen by chance, but more likely a pattern of poor data controls.
For large Financial and Healthcare companies, the problem represents a loss of trust on the part of the consumer. These very industries are the ones for which data privacy and trust should be paramount.
Remaining with an untrustworthy company as your provider for such valuable services is foolish. Further, complacency in tolerating such breaches just reinforces poor data-handing procedures. Steering away from companies with poor track records of protecting privacy is the only way to incite action.
Related:
Entry was posted
on Monday, February 2nd, 2009 at 10:49 am
under
Read more entries by Dave Jeyes.
Stumble It!
February 2nd, 2009
Most companies enjoy “security” insofar as they haven’t been targeted, or had an employee make a human error with catastrophic exposure. Price Waterhouse Cooper and Carnegie-Mellon’s CyLab have recent surveys that show the senior executive class to be, basically, clueless regarding IT risk and its tie to overall enterprise (business) risk. Data breaches and thefts are due to a lagging business culture – absent new eCulture, breaches will, and continue to, increase. For example: Microsoft patched for the worm affecting Heartland 4 months ago. As CIO, I’m constantly seeking things that work, in hopes that good ideas make their way back to me – check your local library: A book that is required reading is “I.T. WARS: Managing the Business-Technology Weave in the New Millennium.” It also helps outside agencies understand your values and practices.
The author, David Scott, has an interview that is a great exposure: http://www.businessforum.com/DScott_02.html –
The book came to us as a tip from an intern who attended a course at University of Wisconsin, where the book is an MBA text. It has helped us to understand that, while various systems of security are important, no system can overcome laxity, ignorance, or deliberate intent to harm. Necessary is a sustained culture and awareness; an efficient prism through which every activity is viewed from a security perspective prior to action.
In the realm of risk, unmanaged possibilities become probabilities – read the book BEFORE you suffer a bad outcome – or propagate one.