Data Breaches Continue to Cost Companies Millions

Saturday, November 06, 2010

Contributed By:
Bill Gerneglia

Article by Anne Field

Data breaches are costing companies globally and in the US a small fortune. And it looks like October had a few humdingers.

First, for the cost. The average cost of a data breach experienced by companies in 2009 was $3.4 million, or $142 per customer. That's according to a survey by the Ponemon Institute, which studied firms in the US, UK, Germany, Australia and France.

The news was particularly bad for the US, where companies had the most expensive cost per customer ($204). Lowest: UK, at $98 per customer.

The reason for the breaches vary; sometimes it's thanks to a hacker, sometimes just human error. Thirty-five percent involved outsourced data provided to third parties, while 36 percent were caused by hackers, according to the survey.

As it happens, there also were a few notable breaches just last month, according to Ponemon.

Most noteworthy: A lost portable drive exposed 280,000 names, addresses, and health information at Keystone Mercy Health Plan and AmeriHealth Mercy Health Plan.

Estimated cost: $17.1 million. And it was discovered that 40,101 student names, grades, and Social Security numbers had been left exposed on a server for nearly a year at the University of Hawaii. Estimated cost: $2.4 million.

What to do? According to an article in Risk Management magazine, you need a systematic strategy for dealing with such threats. It's worth reading the whole thing. But highlights of any effort should include:

Identifying your important information assets and making a list of which ones are most vital.

Determining where each of these information assets can be found.

Rating your information assets according to such categories as public or sensitive information.

Rating the threats that important information assets face and making a plan for how to deal with them, starting with the most severe.

When it comes to data breaches, it's also worth hiring a Chief Information Security Officer, according to Ponemon. Businesses with a CISO experienced 21 percent less in costs on average.

Sometimes you have to spend money to save.

Cross-posted from CIO Zone

Share This! |

Views:	2307
Categories:	Breaches
Tags:	Data Loss breaches Budgets Poneman

Post Rating I Like this!

Comments:

You Must Register or Login to Comment

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.

Most Liked

Latest Member Comments

"I thought this article discuss a very important issue of security.If we have well developed technology in one particular field then we ..."

Mobile Security Processes Could Be Applied t... Johnnie Nix on 05-21-2013

"ATM machine are for our convenience but if we are not careful they can compromise our safety. Discount theater tickets "

ATM Security (And Really Learning from the P... Johnnie Nix on 05-21-2013

"A expressive case study is used to explore causation in order to find underlying principles. Case studies may be prospective in which c..."

New Study Published on Mobile Malware... Caitlin Rachel on 05-21-2013

"In the social sciences and life sciences a case study or case report is a descriptive or descriptive analysis of a someone, group or ev..."

Case Study: A Cloud Security Assessment... Caitlin Rachel on 05-21-2013