http://www.networkworld.com/news/2007/041107-survey-data-breaches.html

By Ellen Messmer
Network World
04/11/07

In a recent survey of 83 corporate IT managers, 28 acknowledged having had to cope with a data breach, and half of those respondents reported significant related costs.

In its report entitled "Calculating the cost of a security breach," research firm Forrester said half of those polled cited changes to security and auditing processes as a major cost category. In addition, 43% said the costs of customer notification and loss of business could be counted in the fallout from a data breach, though only 25% feared lawsuits and civil penalties.

In its report, Forrester concluded that the costs of a data breach vary widely, from about $90 to $305 per customer record, depending on whether the breach is low-profile or high-profile and whether the company is in a non-regulated or highly regulated area, such as banking.

The Forrester report notes this is higher than findings made by the Ponemon Institute and other industry experts, who typically cite costs associated with a data breach to be in the $50 range per customer record to cover legal fees, notification costs, increased call center costs, marketing and public relations expenses.

In counting up costs to cope with a security breach involving sensitive data, Forrester reckons it costs $50 just for the discovery, notification and response that brings in unexpected expenses associated with legal counsel, call centers and mail notification.

Lost employee productivity would range from $20 to $30 per customer record, while the opportunity costs in lost customers and difficulty in getting new ones would range from $20 for a low-profile breach in a non-regulated industry to $100 for a high-profile breach in a regulated one.

Regulatory fines could also be incurred in regulated industries, to the tune of $25 to $60 per customer record. Credit-card replacement costs or civil penalties easily add up to $25, Forrester reckons.

Though it may seem hard to estimate a dollar value associated with a data breach, focus on cost per record vs. overall costs, the Forrester report advises. The IT division should use the estimates simply as a starting point in interacting with the business side in estimating costs.

(c) Copyright 2007 Network World Inc.