[Dataloss] Article: The Cold, Hard Costs of Data Exposure

[George Toft]

PGP Study says the direct, indirect, and opportunity cost is $140 for 
each record lost.  They also say 20% of the customers leave, and an 
additional 40% are looking for a new provider.

Reference: PGP Research Report – Summary
Lost Customer Information: What Does a Data Breach Cost Companies?
http://www.securitymanagement.com/library/Ponemon_DataStudy0106.pdf

Cheers!

George Toft, CISSP, MSIS
My IT Department
www.myITaz.com
480-544-1067

Confidential data protection experts for the financial industry.


lyger wrote:
> (since the question of "how much is my data worth" was asked earlier this 
> week, here's more for the discussion)
> 
> Courtesy Dissent from pogowasright.org
> 
> http://www.esj.com/News/article.aspx?EditorialsID=2169
> 
> Again and again the stories surface; only the names seem to change. 
> Company X reports a data breach after a laptop is stolen or a server is 
> hacked, exposing Y numbers of customers to potential identity theft. The 
> common response to these incidents includes notifying the affected 
> customers (as required by various state laws) and (usually) offering a 
> year.s free credit monitoring service.
> 
> What's untold is how much the episode is costing Company X, over and above 
> the humiliation outlay. "Our estimate is that the cost ranges from $25 to 
> $150 per impacted record," said Jon Oltsik, analyst at the Enterprise 
> Strategy Group. More visible, national companies tend to spend more, he 
> noted, as they have to notify people nationwide and stand more risk of 
> losing their customers as a result of the incident. Local firms with 
> minimal competition, such as a community hospital, can mount a less 
> elaborate response, he said.
> 
> [...]
> _______________________________________________
> Dataloss Mailing List (dataloss at attrition.org)
> http://attrition.org/dataloss
> Tracking more than 136 million compromised records in 375 incidents over 6 years.
> 
> 
> 
>