
Secplicity - Security Simplified

Powered by WatchGuard Technologies

Rising Costs of Data Loss

March 29, 2011 By The Editor

One of the challenges that businesses regularly face is how to balance the known costs of network, application and data protection against the unknown costs of a data breach or series of breaches. Often, business owners or IT staff are left to guess or, worse, fail to acknowledge the costs and consequences of a significant breach of information.

Thanks to the Ponemon Institute, new research data is available to help provide guidance on the costs of a data breach. Some key facts from their research:

  • 7% – the increase of data breach costs in 2010
  • $214 – the average cost per individual record compromised
  • $7.2 million – the average organizational cost of a data breach

Additionally, this research shows that malicious acts were the root cause of 31 percent of the data breaches studied, which is significantly up over the last two years.  But, the leading cause of data breaches is negligence – a whopping 41 percent of breaches are due to negligence in protecting and safeguarding sensitive data.

What can a business glean from this? Take this recent example from the University of South Carolina, where 31,000 individuals' private information, including social security numbers, was exposed online. When applying the $214 cost per record, a quick calculation shows that the University is facing a potential cost of $6.6 million.

But, obviously not all data breaches cost the same.  Maybe a better example is the recent settlement made public in Massachusetts.  Here, the Massachusetts Attorney General reached a $110,000 settlement with a restaurant group that allegedly failed to protect patrons’ personal information.

The Briar Group LLC, the owner and operator of the Boston-based restaurants and bars, allegedly failed to take proper steps to keep payment card information safe.  In addition to civil penalties, the Briar Group must comply with state data security regulations, payment card security standards (PCI DSS), and it must establish and maintain an enhanced computer network security system going forward.

If one applies the Ponemon cost per record to the Briar Group, the $110,000 settlement would mean that the organization only lost 514 customer records.  Keep in mind, the period of the breach lasted eight months.  It seems unlikely that in eight months only 514 records were compromised.  The actual number of compromised records is certain to be much higher.

In the spectrum of data breach costs, the $110,000 settlement appears to be on the very low end of the scale.  What is not accounted for is the loss of public trust and the brand damage to the Briar Group and their restaurants and bars.  It’s hard to say what those damages will be.

Bottom line: data breach costs are going up. With an average cost of $7.2 million per data breach event, the expenditures to protect networks, applications and data suddenly appear to be minuscule. As Benjamin Franklin said, “an ounce of prevention is worth a pound of cure.” Too bad that the Briar Group didn’t take that advice.


Filed Under: Uncategorized Tagged With: Data Breach Costs, PCI DSS
