Wednesday 27 February 2008

Counting the cost of data loss

Data loss has become a running story over the last few months. The question is not so much “Has there been a data breach?” as “Who now?”, writes Peter Williams.


You wouldn’t accept the catalogue of stolen laptops, mislaid CDs, unopened disks and general lack of care and attention from Kevin the teenager, never mind responsible organisations. One of the inevitable follow-up questions is: how much does all of this “now what have I done with that?” misplaced data actually cost?


The answer is further embarrassment for those responsible and more exasperation for the shareholders and taxpayers who finally pick up the tab. According to research issued this week (25 February 2008), the average total cost was more than £1.4 million. Perhaps more interesting, the 2007 Annual Study: UK cost of a data breach also revealed that the most significant component of data breach costs was the financial impact of lost business due to reduced consumer trust. The study (the first, despite its title) was carried out by the Ponemon Institute and sponsored by PGP Corporation and Symantec Corp. It focused on the cost of activities resulting from actual data loss incidents, as well as identifying the most frequent causes. Breaches included in the survey ranged from 2,500 records to more than 125,000 records, from 21 businesses spanning eight different industry sectors.


The average cost per record lost is £47. Lost business accounts for 46 per cent of the total cost of a data breach, as a loss of trust leads to higher churn and higher customer acquisition rates, the study found. The rest of the cost is made up of notification (£1 per record), detection (£15) and ex-post activities (£15), which are the costs incurred after the event, for example helping victims watch their credit or reissuing account cards.


Lost laptops are the most frequent cause of data breaches (as no doubt the NHS and MOD could confirm), accounting for 36%. The use of paper records accounts for 24%, while hackers, malicious insiders and malicious code combined are responsible for 12% of such incidents.


The number of reported data loss incidents has risen sharply in the last few years. Perhaps that indicates that organisations are taking these foul-ups more seriously, but as this study shows, more needs to be done to cut the cost and contain the damage.
