Article by Anne Field
Data breaches are costing companies globally and in the US a small fortune. And it looks like October had a few humdingers.
First, the cost. The average cost of a data breach experienced by companies in 2009 was $3.4 million, or $142 per customer. That's according to a survey by the Ponemon Institute, which studied firms in the US, UK, Germany, Australia and France.
The news was particularly bad for the US, where companies had the highest cost per customer ($204). Lowest: UK, at $98 per customer.
The reasons for the breaches vary; sometimes it's thanks to a hacker, sometimes just human error. Thirty-five percent involved outsourced data provided to third parties, while 36 percent were caused by hackers, according to the survey.
As it happens, there also were a few notable breaches just last month, according to Ponemon.
Most noteworthy: A lost portable drive exposed 280,000 names, addresses, and health information at Keystone Mercy Health Plan and AmeriHealth Mercy Health Plan. Estimated cost: $17.1 million.
And it was discovered that 40,101 student names, grades, and Social Security numbers had been left exposed on a server for nearly a year at the University of Hawaii. Estimated cost: $2.4 million.
What to do? According to an article in Risk Management magazine, you need a systematic strategy for dealing with such threats. It's worth reading the whole thing. But highlights of any effort should include:
- Identifying your important information assets and making a list of which ones are most vital.
- Determining where each of these information assets can be found.
- Rating your information assets according to such categories as public or sensitive information.
- Rating the threats that important information assets face and making a plan for how to deal with them, starting with the most severe.
When it comes to data breaches, it's also worth hiring a Chief Information Security Officer, according to Ponemon. Businesses with a CISO incurred 21 percent lower costs on average.
Sometimes you have to spend money to save.
Cross-posted from CIO Zone