[ISN] Companies Say Security Breach Could Destroy Their Business

From: InfoSec News (alerts@private)
Date: Wed Apr 25 2007 - 02:45:37 PDT


By Sharon Gaudin
April 24, 2007

One-third of companies said in a recent poll that a major security 
breach could put their company out of business, according to a report 
from McAfee.

The security company unveiled a study Tuesday showing that 33% of 
respondents said they believe a major data-loss incident involving 
accidental or malicious distribution of confidential data could put them 
out of business. The study, called Datagate, is based on a survey of 
more than 1,400 IT professionals at companies with at least 250 
employees in the United States, the United Kingdom, France, Germany, and 

McAfee's study also showed that while breach awareness is improving, the 
problem continues to grow, as well.

Sixty percent of those polled said they had experienced a data breach in 
the past year, and only 6% could say with certainty that they had not 
experienced one in the previous two years.

Despite how many companies are suffering data breaches, though, 
companies are still devoting just a fraction of their IT budgets to the 
threat. On average, the IT managers polled spend just 0.5% of their 
overall IT budgets on data security.

"Six in 10 companies admitting a breach in just the past year is ample 
proof that more needs to be done to address this very serious problem," 
said Dave DeWalt, president and chief executive officer at McAfee, in a 
written statement. "Awareness alone isn't enough. To protect customers, 
employees, and shareholders, data loss prevention needs to become a top 
priority at every level of the organization, from the board room to the 
lunch room."

The study also showed:
* A data breach that exposed personal information would cost companies 
  an average of $268,000 to inform their customers -- even if the lost 
  data is never used;
* 61% of respondents said data leakage is the doing of insiders, and 23% 
  said those leaks are malicious;
* 46% said they don't debrief or monitor employees after they give 
  notice that they are leaving the company;
* 23% said they were able to estimate the total annual cost of data 
  leakage, putting the figure at $1.82 million.

Just last week, the U.S. Department of Agriculture announced that it had 
exposed the personal identifying information on about 150,000 people 
over the last 26 years. The agency admitted inadvertently exposing 
online sensitive information, such as names and Social Security numbers, 
in a publicly available database, which had existed since 1981. The 
information has been exposed ever since it was put online.

People are getting fed up with their personal information leaking out 
into areas where it could be scooped up by criminals working online.

A report came out earlier this month from Javelin Strategy & Research 
showing that 77% of 2,750 consumers polled said they would stop shopping 
at stores that suffer data breaches. The research company found that 63% 
of consumers see retailers as the least secure companies when it comes 
to protecting consumers' data, compared with the 5% who distrust credit 
card companies such as Visa or MasterCard.

Subscribe to InfoSec News

This archive was generated by hypermail 2.1.3 : Wed Apr 25 2007 - 02:58:46 PDT