CRMBuyer.com

Report: Customer Data Breach Costs Head Skyward


It's not criminals bent on stealing personal information to perpetrate thefts who are responsible for the majority of corporate data breaches. The combination of lax security policies and employee carelessness -- not to mention the loss of control when third parties access sensitive data -- can wreak costly havoc.



The cost of data breaches continued to rise in 2008, according to a new study from network security company PGP and the Ponemon Institute.

The study, which was sponsored by PGP, surveyed 43 organizations across 17 different sectors and evaluated the financial consequences of data breaches involving consumers' personal information.

The study also tracked an assortment of cost factors, including outlays for network security systems, legal expenses, customer defection and reputation management, as well as costs associated with customer support services such as information hotlines and credit monitoring subscriptions.

Data breach incidents cost U.S. companies US$202 per compromised customer record last year, compared with $197 in 2007, according to the study. The average total per-incident cost rose to $6.65 million in 2008, up 5.3 percent from $6.3 million in 2007.

Healthcare and financial services companies experienced the highest customer churn rates -- 6.5 percent and 5.5 percent, respectively.

Third-party organizations accounted for more than 44 percent of all data breaches in 2008, and the resulting investigation and consulting fees made these the most costly form of data breaches.

Nearly 90 percent of all cases in the 2008 study involved insider negligence.

Expensive Mistakes

While hack attacks on prominent companies such as Microsoft (Nasdaq: MSFT) or on government IT systems garner the big headlines, outsiders are not behind most data breaches.

"There are all sorts of problems associated with internal breaches, but the actions of well-meaning insiders are the biggest problem," Kevin Rowney, founder of Symantec's (Nasdaq: SYMC) data-loss prevention division, told the E-Commerce Times.

For example, an employee who takes home a laptop loaded with sensitive customer information with the intent of working over the weekend can cause serious security issues.

"Maybe they leave the laptop in their car while they're on a Friday night date and then come back to find it gone," Rowney said. "That's a costly employee mistake."

Partners Pose a Risk

Third parties such as consultants and partners who have access to sensitive personal information about employees or customers also pose a significant risk, Larry Ponemon, chairman of the Ponemon Institute, told the E-Commerce Times.

In today's business world, organizations large and small use outside accounting firms, marketing firms, public relations firms and IT consultants to help them achieve their goals.

The more people with access to a corporate network, the higher the probability of a data breach, Ponemon said.

Some Companies Still Don't Get It

Another issue facing large organizations is the apparent lack of urgency following an event.

"There's still a problem with the way management responds to these things," noted Ponemon. "Many organizations simply don't respond to their customers' concerns because they're so focused on the breach itself."

Many of the security problems companies face are preventable -- but most organizations don't have the right software tools and security policies in place to deal with data breaches, he observed.

"It's a combination of software and risk management," explained Ponemon. "Good technology, like encryption, data-loss prevention tools and data-access tools, can help -- but they're not the complete answer, because so many of these incidents are due to negligence and carelessness."

With more and more employees accessing corporate networks via laptops, smartphones and the like, it's imperative that companies put policies in place that govern the way those points of access are used, he said.

Execs and Security Teams

"Any kind of successful risk management approach has to start with a rough consensus between the executives and security team," Symantec's Rowney said. "Once you've got that trust built, there are a variety of control measures you can put in place, some brand new and some traditional, that can tell how data is being used and abused -- where the data is and where it's stored."

One of the primary causes of data breaches is that many companies don't even know where on the network sensitive data is held, he said.

What happens is that well-meaning employees tap into that data and copy it or work with it in unauthorized areas of their corporate networks, Rowney continued. "Other employees find it and then breach it, or hackers find it and breach it."


By Jeff Meisner
