The Cost and Risks of a Data Breach
added: 08.20.2013, by Mike Spinney
When I worked with the Ponemon Institute, our most anticipated annual study was the Cost of a Data Breach report. That report was derived from data on actual breaches at companies, which would then invite Dr. Larry Ponemon to examine the causal and financial aspects of the event.
The companies studied represented a broad variety of industries and were typical, in size and structure, of organizations operating in their respective industries. The study’s methodology and FAQs give more insight into the nature of the study, and the report is presented so as to provide a wealth of information that should help organizations set a course of action to address threats to data integrity.
Beyond the financial aspects associated with a data breach, one of the most noteworthy takeaways from the 2013 report is the relatively similar risk to data from malicious acts, human error, and system glitches.
The Ponemon report has spawned many similar studies, including this one from NetApp that examines the risks inherent in managing corporate data in a mobile environment.
The NetApp study highlights the risk to data as more and more workplaces adapt to accommodate an increasingly mobile workforce. Yet, in spite of that accommodation, there is a recognition that carelessness within that workforce represents a significant risk to the data being handled by mobile employees.
I have heard comments that suggest some dismiss the results as not applicable to their situation: an organization is too small, doesn’t collect protected personal information, or operates in a niche that falls outside of the typical range of industries studied.
The fact is that any organization or individual that handles data (and, let’s face it… that is all of us) is vulnerable to the effects of a data breach. You don’t need to have a database full of bank records or credit card numbers, personally identifiable information, or health data to be at risk. Sure, some of that information may trigger specific response and reporting requirements, but what if that file saved on your computer includes proprietary organizational information about a client, or a creative treatment for a video project?
Would losing that information set your project back? Would it put your reputation at risk, or give your competitors an edge? Protecting the information on which your business relies is a worthwhile investment – even when that investment doesn’t cost much at all.