BreachExchange mailing list archives

Re: Article: The Cold, Hard Costs of Data Exposure

From: George Toft <george () myitaz com>
Date: Wed, 27 Sep 2006 16:23:23 -0700

PGP Study says the direct, indirect, and opportunity cost is $140 for 
each record lost.  They also say 20% of the customers leave, and an 
additional 40% are looking for a new provider.

Reference: PGP Research Report – Summary
Lost Customer Information: What Does a Data Breach Cost Companies?
http://www.securitymanagement.com/library/Ponemon_DataStudy0106.pdf

Cheers!

George Toft, CISSP, MSIS
My IT Department
www.myITaz.com
480-544-1067

Confidential data protection experts for the financial industry.


lyger wrote:

(since the question of "how much is my data worth" was asked earlier this 
week, here's more for the discussion)

Courtesy Dissent from pogowasright.org

http://www.esj.com/News/article.aspx?EditorialsID=2169

Again and again the stories surface; only the names seem to change. 
Company X reports a data breach after a laptop is stolen or a server is 
hacked, exposing Y numbers of customers to potential identity theft. The 
common response to these incidents includes notifying the affected 
customers (as required by various state laws) and (usually) offering a 
year.s free credit monitoring service.

What's untold is how much the episode is costing Company X, over and above 
the humiliation outlay. "Our estimate is that the cost ranges from $25 to 
$150 per impacted record," said Jon Oltsik, analyst at the Enterprise 
Strategy Group. More visible, national companies tend to spend more, he 
noted, as they have to notify people nationwide and stand more risk of 
losing their customers as a result of the incident. Local firms with 
minimal competition, such as a community hospital, can mount a less 
elaborate response, he said.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 136 million compromised records in 375 incidents over 6 years.

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 136 million compromised records in 375 incidents over 6 years.

Current thread:

Article: The Cold, Hard Costs of Data Exposure lyger (Sep 27)
- Re: Article: The Cold, Hard Costs of Data Exposure George Toft (Sep 27)
  - Re: Article: The Cold, Hard Costs of Data Exposure security curmudgeon (Sep 27)
    - Re: Article: The Cold, Hard Costs of Data Exposure Chris Walsh (Sep 27)
    - Re: Article: The Cold, Hard Costs of Data Exposure Kenton Hoover (Sep 27)
    - Re: Article: The Cold, Hard Costs of Data Exposure Tom Fragala (Sep 27)