
Infosecurity Europe 2010: Survey says US boasts highest data breach costs

28 April 2010

A newly released global survey by the Ponemon Institute shows that, among five of the largest industrialized nations, data breaches affecting US organizations are the costliest both in terms of cost per compromised record and the overall price tag per incident.

The Ponemon Institute revealed findings of its first global study on the cost of data breaches today at Infosecurity Europe. The study, which was sponsored by data encryption specialist PGP, shows that average data breach expenses were costliest in the US among the five countries sampled in the survey. The average cost per compromised record in the US was $204, followed by Germany at $177, France, Australia, and the UK, which had the lowest cost burden at $98 per stolen record.

Jamie Cowper, director of EMEA marketing for PGP, told Infosecurity that the survey came about as a result of customers’ desire to quantify the costs of data breaches. In the wake of increased public awareness of these incidents, and the regulatory initiatives that have ensued, PGP began its partnership with the Ponemon Institute in 2004 after California passed the first data breach notification law in the US.

The study also showed that the average cost of a data breach for organizations in the US clocks in at $6.75m per incident, with organizations in Australia feeling less of a pinch at 1.83m per occurrence. The average cost per incident worldwide was $3.43m, with the average global cost per record coming in at $142.

One interesting tidbit from the survey notes that organizations that suffer a data breach in countries with national notification laws had higher costs associated with the incident than those in countries without similar statutes. In the US, where 46 of the 50 states have such a notification law, costs related to lost records were 43% higher than the global average. In the UK – which does not have similar public disclosure procedures – per record costs fell below the global average. As Cowper pointed out, however, organizations in the UK are required to notify the Information Commissioner’s Office when a data breach occurs.

As for harmonizing data protection and notification standards for organizations operating across several US states, Cowper noted that most PGP customers will take a worst-case scenario approach to compliance. “You have to [plan for] the most severe”, Cowper said. “Generally speaking, organizations are not going to have 46 different practices. They are just going to go with whatever is the most onerous”.

He did add, however, that year-over-year analysis of the US survey results shows that organizations are getting better at minimizing the costs associated with breach notification and detection, as they gain more experience in responding to these incidents.

So how can organizations best defend themselves against a data breach? According to Intel’s Anand Pashupathy, general manager of anti-theft services for the company’s PC Client Services Division, a combination of encryption and anti-theft technology is the most effective approach. Intel, in partnership with PGP, has recently initiated efforts to secure its platforms by storing encryption keys deep within device hard drives. As Anand professed, the cost of the data contained on an asset far outweighs the cost of the device itself, especially when the equipment belongs to personnel that are near the top of an organization’s structure.

At the heart of the partnership between PGP and Intel is this dual-tiered approach to data protection, which protects data through encryption, but also provides an additional layer of security. This multi-faceted system neutralizes the damage that lost or stolen devices can have on an organization by permitting IT personnel to engage a remote ‘kill switch’ that disables a lost asset.

“People are human beings, and you cannot stop them from taking data outside an organization”, Pashupathy admitted. “Having encryption is a minimum, but adding anti-theft on top of that is really a baseline solution that all organizations should be doing”.
