May 22, 2012

Data Breaches Breaking the Bank for Businesses

Risk Management Monitor
Emily Holbrook
Risk and Insurance Management Society, Inc. (RIMS)
Monday, August 2, 2010
Communications, Media & Internet / Financial Institutions & Banking
All Federal
Printer-friendly
Email this Article
Download PDF
Reprints & Permissions

 

Hope you enjoyed that headline alliteration.

But let’s talk cyber crime. In 2010 it’s rare to find someone who has never had their email account hacked (happened to me last month!) or their personal information stolen by cyber thieves. But that’s small time cyber crime compared to what’s happening to businesses around the globe.

According to a new study by Ponemon Institute, an independent research establishment, organizations are getting hit by at least one successful attack per week. Sound like a lot to you? It is. But what’s even more distressing and hard to believe is that the annualized cost to their bottom lines from the attacks ranged from $1 million to $53 million per year.

Pnemon’s first annual “Cost of Cyber Crime” report studied 45 U.S. organizations hit data breaches. It found that the median cost to companies was $3.8 million per year for an attack. Certainly enough for some bottom line blues.

“Information theft was still the highest consequence — the type of information [stolen] ranged from a data breach of people’s [information] to intellectual property and source code,” says Larry Ponemon, CEO of the Ponemon Institute. “We found that detection and discovery are the most expensive [elements].”

The report found that web-borne attacks, malicious code and malicious insiders are the most costly types of attacks, and social security numbers are the most commonly compromised form of data. According to Datalossdb.org, there have been 10 reported data breaches in the past 13 days alone. Let’s take a look at the largest reported breaches in history, courtesy of the aforementioned website:

data breach

According to the Ponemon study, the 45 organizations studied did not have the right tools or technologies in place to prevent such costly breaches (bad risk management to say the least). The leading types of attacks were malware (25%), SQL (24%) and stolen/abused credentials (16%).

Numerous tech companies, such as Cisco and Symantec, offer data loss prevention products and services.

Without data breach technology in place, a company is throwing away their hard-earned dollars. And millions of dollars at that, according to Ponemon.

The above article is reprinted from the Risk Management Monitor - the official blog of Risk Management magazine.

Reprinted with permission from the Risk Management Monitor. Copyright 2010 Risk and Insurance Management Society, Inc. All rights reserved.

About the Author

Emily Holbrook
Editor

Emily Holbrook is the editor of Risk Management magazine and the Risk Management Monitor blog.

www.rmmagazine.com
212-655-5915
www.rmmagazine.com

Boost: AJAX core statistics

Legal Disclaimer

You are responsible for reading, understanding and agreeing to the National Law Review's (NLR’s) and the National Law Forum LLC's  Terms of Use and Privacy Policy before using the National Law Review website. The National Law Review is a free to use, no-log in database of legal and business articles. The content and links on www.NatLawReview.com are intended for general information purposes only. Any legal analysis, legislative updates or other content and links should not be construed as legal or professional advice or a substitute for such advice. No attorney-client or confidential relationship is formed by the transmission of information between you and the National Law Review website or any of the law firms, attorneys or other professionals or organizations who include content on the National Law Review website. If you require legal or professional advice, kindly contact an attorney or other suitable professional advisor.  

Some states have laws and ethical rules regarding solicitation and advertisement practices by attorneys and/or other professionals. NLR does not accept advertising from attorneys or law firms. The National Law Review is not a law firm nor is www.NatLawReview.com  intended to be an advertisement or a referral service for attorneys and/or other professionals. The NLR does not wish, nor does it intend, to solicit the business of anyone or to refer anyone to an attorney or other professional.  NLR does not answer legal questions nor will we refer you to an attorney or other professional if you request such information from us. 

Under certain state laws the following statements may be required on this website and we have included them in order to be in full compliance with these rules. The choice of a lawyer or other professional is an important decision and should not be based solely upon advertisements. Attorney Advertising Notice: Prior results do not guarantee a similar outcome. Statement in compliance with Texas Rules of Professional Conduct. Unless otherwise noted, attorneys are not certified by the Texas Board of Legal Specialization, nor can NLR attest to the accuracy of any notation of Legal Specialization or other Professional Credentials.