Data Breaches: Getting More Expensive All The Time
- Date: 5 April 2011
- Author: broyer
- Category: data privacy, Encryption, News
As if any of us needed further proof that data breaches cost companies more than loss of reputation or customer “churn,” here comes more from the Ponemon Institute: for the fifth year running, data breaches grew more costly to businesses year over year.
According to this report, the average cost of a data breach to a business increased to $7.2 million, and companies paid an average of $214 per compromised record. This is a marked increase when compared to $204 per record in 2009.
Malicious or criminal attacks are the most expensive breaches, the study says, and are on the rise. In this year’s study, 31 percent of all cases involved a malicious or criminal act, up seven points from 2009, and the cost of these compromises averaged $318 per record, up 43 percent from 2009.
While external breaches are on the increase, negligence remains the most common threat, Ponemon says. The number of breaches caused by negligence edged up one point to 41 percent and averaged $196 per record, up 27 percent from 2009.
Encryption and other technologies are gaining ground as post-breach remedies, but training and awareness programs remain the most popular, the study says. Sixty-three percent of respondents use training and awareness programs after data breaches, down four points from 2009. Encryption is the second-most implemented preventive measure as a result of a data breach, with 61 percent. Both encryption and data loss prevention (DLP) solutions have increased 17 percent since 2008.
On that count (i.e., encryption), a recently published InformationWeek Analytics Backup Survey found that only 18 percent of respondents reported they encrypt their backups to removable media, and another 56 percent reported they don’t encrypt their backups at all.
In fact, March 2011 is the one-year anniversary of state-sponsored legislation such as MASS 201 CMR 17, which was designed to protect Personally Identifiable Information (PII) by ensuring the encryption of consumer data, particularly on removable media.
To put a fine point on the cost of failing to encrypt backups, writing in this month’s Network Computing, Howard Marks retells the tale of the New York Health and Hospitals Corporation (HHC), which supports all publicly funded hospitals in the city of New York. A contractor who had picked up a box of backup tapes at some point left the truck unlocked, and the HHC tapes were stolen. While retrieving the data on the tapes would require a sophisticated blend of intelligence and initiative, the HHC was required, by law, to personally notify the 1.7 million patients whose personal data was on those tapes. Using the Ponemon Institute’s average of $200 per compromised record, Marks concludes the HHC “is out about $350 million.”
The bottom line: encrypt all of your backups. You just never know when sheer negligence or outright theft will leave you wishing you had.