There are always going to be studies that show how much data breaches cost companies, mostly because it's a factoid that security researchers think will persuade the C-level types.
The flip side is that the frequency of these data breaches among peer organizations lessens the impact when it "happens here", and that the financial downside is just a cost of doing business.
It can also promote a culture of cover-ups. If it's a common thing, then there's no reason to make a big deal of it.
From Gene Schultz over at Hightower Software:
A recent study by the Ponemon Institute shows, for example, that 55 percent of participants in this study said they had been informed of more than one security compromise involving their personal data over the last two years, and eight percent said that they have been informed of four or more of such compromises.
The Ponemon Institute's study also shows that 63 percent of the survey participants reported that the letters they received after data security compromises had occurred contained no information concerning what to do to safeguard their data afterwards. Furthermore, the majority of the respondents indicated that more than a month had transpired before they were finally informed that their personal data were compromised. At the same time, however, 98 percent of those who had fallen victim to a data security compromise actually became victims of identity theft afterwards. Most significantly, almost one out of every three individuals who were informed of a data security compromise involving their personal data have ceased doing business with the company that experienced the incident. [From High Tower Blogs > Security Insights » Blog Archive » The Business Costs of Security Compromises]
