Data Breaches Continue to Cost Companies Millions

Saturday, November 06, 2010

Bill Gerneglia

Article by Anne Field

Data breaches are costing companies globally and in the US a small fortune. And it looks like October had a few humdingers.

First, for the cost. The average cost of a data breach experienced by companies in 2009 was $3.4 million, or $142 per customer. That's according to a survey by the Ponemon Institute, which studied firms in the US, UK, Germany, Australia and France.

The news was particularly bad for the US, where companies had the highest cost per customer ($204). Lowest: UK, at $98 per customer.

The reasons for the breaches vary; sometimes it's thanks to a hacker, sometimes just human error. Thirty-five percent involved outsourced data provided to third parties, while 36 percent were caused by hackers, according to the survey.

As it happens, there also were a few notable breaches just last month, according to Ponemon. 

Most noteworthy: A lost portable drive exposed 280,000 names, addresses, and health information at Keystone Mercy Health Plan and AmeriHealth Mercy Health Plan. Estimated cost: $17.1 million.

And it was discovered that 40,101 student names, grades, and Social Security numbers had been left exposed on a server for nearly a year at the University of Hawaii. Estimated cost: $2.4 million.

What to do? According to an article in Risk Management magazine, you need a systematic strategy for dealing with such threats. It's worth reading the whole thing. But highlights of any effort should include:

  • Identifying your important information assets and making a list of which ones are most vital.
  • Determining where each of these information assets can be found.
  • Rating your information assets according to such categories as public or sensitive information.
  • Rating the threats that important information assets face and making a plan for how to deal with them, starting with the most severe.

When it comes to data breaches, it's also worth hiring a Chief Information Security Officer, according to Ponemon. Businesses with a CISO incurred 21 percent lower costs on average.

Sometimes you have to spend money to save.

Cross-posted from CIO Zone

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.