数据失窃成本渐增

||2008-02-09

今年，客户数据失窃给公司造成的损失要大于去年。隐私咨询机构Ponemon研究所的一项研究表明，2007年，企业承受的数据漏洞总成本和丢失单个记录的平均成本都比2006年有所增长。 该研究对美国35起数据失窃案进行了分析，这些案例中，数据漏洞规模最小的不足4,000个记录，最大的多于12.5万个记录。 数据失窃意味着生意机会的减少，这主要体现为客户流失和客户获取成本，2006年这一数字是98美元/记录，2007年为128美元，增长了30%。2007年，在所有数据漏洞中，笔记本电脑、闪盘、以及移动设备占到了49%；还有18%源于病毒或间谍软件等恶意攻击或者心怀不满的内部人员

The Cost Of Data Loss Rises

Other costs include reputation fixes and customer support in the form of information hotlines and credit monitoring subscription for victims, according to a new survey.

By Thomas Claburn  [InformationWeek]

Losing customer data cost companies more this year than last.

According to a study conducted by the Ponemon Institute, an independent information practices research group, data breaches cost businesses an average of $197 per customer record in 2007, up from $182 in 2006.

The average total cost for a data breach in 2007 was $6.3 million, up from $4.8 million in 2006.

The study suggests that lost data translates to lost business opportunity. This mainly comes in the form of customer churn and customer acquisition costs, which rose from $98 per record in 2006 to $128 in 2007 — a 30% increase.

Other costs include reputation management and customer support costs such as information hotlines and credit monitoring subscription for victims.

"In the past, there hasn’t been the evidence to say that people are losing customers due to a breach," said John Dasher, director of product management for encryption technology company PGP Corporation. "I think that’s changing."

Dasher attributes this to greater awareness of security issues and less tolerance of security issues on the part of the public.

The study found outsourcing to be a significant and growing source of risk. Breaches attributable to third-party organizations — outsourcers, contractors, consultants, and partners — were reported by 40 percent of respondents, an increase of 29% from 2006.

And in such cases, the breaches were more expensive, costing companies an average of $231 per customer record lost, compared to $171 when no third-party was responsible.

"If you outsource [and there’s a data breach], your costs are more than if you didn’t," said Dasher, who sees this as a consequence of IT trying to do more with less. "The outsourcers themselves appear to not be immune to poor security practices."

Legal costs associated with data breaches and public relations costs rose 8% and 3% respectively of total breach costs, according to the study.

The study indicates that laptops, thumb drives and mobile devices account for 49% of all breaches in the 2007 sample. About 18% of data breach incidents were attributable to a malicious attack (a virus or spyware, for example) or a malicious insider.

The study’s findings aren’t all bad news: The cost of data breach notification dropped by 15%. Dasher attributes this to organizations being more focused in their response.

PGP Corporation and data loss protection company Vontu (recently acquired by Symantec (NSDQ: SYMC)) sponsored the study. Both companies make products designed to mitigate data breach risks.

The study is based on analysis of 35 data breach incidents in the U.S. which range in scope from losses of fewer than 4,000 records to more than 125,000 records.

More than 216 million customer records have been exposed or lost in data breaches since 2005, according to Privacy Rights Clearinghouse, a privacy advocacy organization.

In late October, the U.K. government acknowledged losing data on more than 25 million of its citizens.

The Ponemon Institute plans to release a study of U.K. data breaches in January.

责编：admin

转载请注明来源：数据失窃成本渐增

本文链接地址：https://www.ccmw.net/article/21489.html