Attrition Statistics: Companies Say Security Breach Could Destroy Their Business

Companies Say Security Breach Could Destroy Their Business

April 24, 2007 11:50 AM

Sharon Gaudin / Information Week

http://www.informationweek.com/news/showArticle.jhtml?articleID=199201085

One-third of companies said in a recent poll that a major security breach could put their company out of business, according to a report from McAfee.

The security company unveiled a study Tuesday showing that 33% of respondents said they believe a major data-loss incident involving accidental or malicious distribution of confidential data could put them out of business. The study, called Datagate, is based on a survey of more than 1,400 IT professionals at companies with at least 250 employees in the United States, the United Kingdom, France, Germany, and Australia.

McAfee's study also showed that while breach awareness is improving, the problem continues to grow, as well.

Sixty percent of those polled said they had experienced a data breach in the past year, and only 6% could say with certainty that they had not experienced one in the previous two years.

Despite how many companies are suffering data breaches, though, companies are still devoting just a fraction of their IT budgets to the threat. On average, the IT managers polled spend just 0.5% of their overall IT budgets on data security.

"Six in 10 companies admitting a breach in just the past year is ample proof that more needs to be done to address this very serious problem," said Dave DeWalt, president and chief executive officer at McAfee, in a written statement. "Awareness alone isn't enough. To protect customers, employees, and shareholders, data loss prevention needs to become a top priority at every level of the organization, from the board room to the lunch room."

The study also showed:

A data breach that exposed personal information would cost companies an average of $268,000 to inform their customers -- even if the lost data is never used;
61% of respondents said data leakage is the doing of insiders, and 23% said those leaks are malicious;
46% said they don't debrief or monitor employees after they give notice that they are leaving the company;
23% said they were able to estimate the total annual cost of data leakage, putting the figure at $1.82 million.

Just last week, the U.S. Department of Agriculture announced that it had exposed the personal identifying information on about 150,000 people over the last 26 years. The agency admitted inadvertently exposing online sensitive information, such as names and Social Security numbers, in a publicly available database, which had existed since 1981. The information has been exposed ever since it was put online.

People are getting fed up with their personal information leaking out into areas where it could be scooped up by criminals working online.

A report came out earlier this month from Javelin Strategy & Research showing that 77% of 2,750 consumers polled said they would stop shopping at stores that suffer data breaches. The research company found that 63% of consumers see retailers as the least secure companies when it comes to protecting consumers' data, compared with the 5% who distrust credit card companies such as Visa or MasterCard.