What’s to blame for 90% of data theft
March 3, 2009 by Sam NarisiPosted in: IT employment, In this week's e-newsletter, Information security, Latest News & Views
Companies are losing a lot because of data theft. And the cause behind most of those breaches may be surprising to IT and Finance pros.
The average cost to companies per incident of data theft in 2008 was $6.65 million, compared to $6.3 million in 2007, according to a recent report by PGP Corp. and the Ponemon Institute.
The total costs include loss of customers, legal fees and lost productivity while dealing with the issues.
The cause of those costly incidents? More than 88% were blamed on “insider negligence.”
In other words, those companies’ employees were to blame. Many cases involved actual theft by employees, the misplacement of laptops and other equipment containing sensitive files or insecure electronic data transfers (for example, an employee sending information to his personal e-mail address to view it at home).
Tags: confidential, customers, data theft
March 3rd, 2009 at 1:35 pm
When I give a company my personal information, I expect them to do everything in their power to protect it. Obviously, this doesn’t always happen. These companies need to take responsibility for this and take actions to prevent data theft. I saw an article in sc magazine about a technology called format-preserving encryption – http://www.scmagazineus.com/Encryption-can-help-build-trust/article/126936/. Seems like it can make this easy for companies, so now they have no excuse. More about that technology at http://www.voltage.com/technology/Technology_FormatPreservingEncryption.htm
April 12th, 2009 at 11:00 pm
Thanks for this. Just subscribed.
June 2nd, 2009 at 10:40 am
Jason. Unfortunately, companies do NOTHING unless they are mandated to do it. I know first hand. My company protects sensitive data, yet time and again, no one is buying because they do not think insiders are a threat. They are!! How many times are we going to see these articles before CFO’s, CEO’s, CIO’s, and Privacy Officers take note? Probably when it is too late and their company is in the press for a breach.