
Laptop Security

In a short WSJ article, More Firms Ride Wave of Mobile Security, on Tuesday, 2/27, there were two interesting data points: the number of records involved in computer thefts in the last 2 years and the cost per record for a data breach.

Since January 2005, about 100 million records containing sensitive personal information have been breached in laptop and other computer thefts at corporations and government agencies around the U.S., according to the Privacy Rights Clearinghouse, a nonprofit consumer group in San Diego.
An August study by the Ponemon Institute, an industry consulting firm in Elk Rapids, Mich., also found that 81% of nearly 500 companies surveyed lost one or more laptop computers containing sensitive information in the previous 12 months. Ponemon said the average cost of a data breach is $182 per record, or an average of $4.8 million per breach for companies affected.

Playing a little game called extrapolate the data, these data points (about 100 million records at $182 per record) indicate that the 2-year cost is $18.2 billion, or a 1-year cost of $9.1 billion. OK, now I have a number to play with; what can I compare it to? Looking at the Standard & Poor's Industry Survey for Computer Software (10/19/2006), the 2006 worldwide security software revenue forecast was $13.7 billion. This category includes: secure content management, identity and access management, security and vulnerability assessment, and threat management.

A more detailed view can be obtained by looking at some data from individual companies. The 2006 CSI/FBI Computer Crime and Security Survey indicates that the 313 companies reporting security incident losses had data type losses averaging about $55,000 per company:

Category Reported                     Total for 313 companies reporting
Laptop or mobile hardware theft       $6.6 M
Unauthorized access to information    $10.6 M

So current direct spending on security software totals $13.7 B. But this ignores spending in the other computer industry categories such as network, hardware, and commercial services that have some components of operating and capital expenditure related to security. Is there a conclusion from my extrapolation? Not specifically - but this is an ongoing process. Two quotes to leave with:

People just don't get it. If you think about our IT culture, you wouldn't think of putting together a PC today without anti-virus software or a network without a firewall, but we still think we can create a database and not protect it. This is where the culture hasn't matured; we're protecting everything but the data, and we need a cultural shift. Gordon Rapkin, president and CEO of Protegrity as quoted in eWeek 8/30/2006.
"They're not numb and they do care and they're leaving" business relationships with companies that don't adequately protect their personal information. Privacy Council CEO Larry Ponemon as quoted in a ComputerWorld blog 10/24/2006.

How important is this issue? "Data Protection" (defined as classification, identification, encryption, and application security software) was the #1 critical issue for the near-term future reported by the CSI/FBI 2006 survey. The AICPA's 2007 Top Technology Initiatives survey reports several categories in the top 10 that are related to information security and data security: #1 Information security management, #2 Identity and access management, #4 Privacy management, #7 Securing and controlling information distribution, #8 Mobile and remote computing (securely!), and #9 Electronic archiving and data retention.

Additional note on CSI/FBI Survey

The annual CSI/FBI Computer Crime and Security Survey (2006 is the latest available today) does a nice job of breaking down security incidents, costs, etc. by size of company responding to the survey. For example, a company breakdown on security spending (operating expenditures) per employee is:

Revenue           $ per employee
> $1 billion      $142
...               ...
< $10 million     $602

3-3-2007 Tags: Info Security

Page last modified on September 25, 2008, at 01:26 AM - Powered by PmWiki
