Our EMEA Security Program Manager, Henk van Roest, started this series internally and with his consent I am publishing it here in my blog as I think it contains a lot of great information for you to use.


Returning to the theme of deploying security updates once more, we need to look at the potential cost of not deploying updates, breaches……

Studies are available for the years 2007 & 2008 for US, UK and Germany as examples:

http://www.encryptionreports.com/costofdatabreach.html

Extract from United States Report:

Among the study’s key findings:

  • Total costs continue to increase: The total average costs of a data breach grew to $202 per record compromised, an increase of 2.5 percent since 2007 ($197 per record) and 11 percent compared to 2006 ($182 per record). Breaches are costly events for an organization; the average total cost per reporting company was more than $6.6 million per breach (up from $6.3 million in 2007 and $4.7 million in 2006) and ranged from $613,000 to almost $32 million.
  • Cost of lost business continues to carry the highest impact: The cost of lost business continued to be the most costly effect of a breach averaging $4.59 million or $139 per record compromised. Lost business now accounts for 69 percent of data breach costs, up from 65 percent in 2007, compared to 54 percent in the 2006 study.
  • Third-party data breaches increase, and cost more: Breaches by third-party organizations such as outsourcers, contractors, consultants, and business partners were reported by 44 percent of respondents, up from 40 percent in 2007, up from 29 percent in 2006 and 21 percent in 2005. Per-victim cost for third party flubs is $52 higher (e.g., $231 vs. $179) than if the breach is internally caused.
  • “First timers” cost more, repeat breaches continue: Data breaches experienced by “first timers” are more expensive than those experienced by organizations that have had previous data breaches. Per-victim cost for a first time data breach is $243 vs. $192 for experienced companies. More than 84% of all cases in this year’s study involved organizations that had more than one major data breach.
  • Training and awareness programs lead companies’ efforts to prevent future breaches, according to 53% of respondents. Forty-nine percent are creating additional manual procedures and controls. Of the technology options, 44% of companies have expanded their use of encryption technologies, followed by identity and access management solutions to prevent future data breaches.

Henk and Roger