Data-Breach Costs Rising, Study Finds
BobB-nw writes to tell us that a recent study of 43 companies that suffered from data breaches last year showed the total cost of dealing with the breach to have risen to $6.6 million per incident. The cost is about $202 per record compromised for first timers, while the repeat offenders seem to have their mojo down and only suffer about $192 per record. With 88% of all data loss cases for 2008 being traced back to insider negligence, it's a wonder that a little upfront money isn't being directed at prevention; guess as soon as they idiot-proof it someone will build a better idiot.
If they need to try to idiot-proof a system, take out the "Idiot". If these companies hire more technology-inclined workers (people who read /.) they won't have this problem as often.
It's not my fault, someone put a wall in my way.
As a network admin for a mid-sized company, we spend quite a lot of money every year with PCI Compliance, and outside intrusion detection, and our customers want even more every year. It's expensive and quite often a hassle to maintain good security. Many vendors have told us to 'just open it up' or 'Naw, that issue won't cause a problem.' We schedule days when our operational servers will be down for Windows updates, and our clients yell and scream because they are down. I've not yet found a way to install Windows security patches, firewall security patches, and overall general security upgrades without interruption. I sincerely wish our clients would understand that we want to make money also, and keeping the clients happy AND SECURE makes us money. So we have a reason for rebooting that terminal server once a month.
it's a wonder that a little upfront money isn't being directed at prevention
No, it's not... Only in the last few years has management begun to look at IT as something more than a "support" department. I have worked in companies where the IT department head reported to the Facilities Management Director (think landscaping and custodial services), who reported to the VP of Finance. Essentially, IT had no influence or budget to speak of, even when we pointed out that we were ripe for the picking when it concerned customer data and trade secrets.
Jump forward a few years, and now that same company has a VP of Information Technology and an annual IT budget of 4X the Finance department's total budget.
It's no surprise that it's still taking time to get pro-active expenditures approved. What I'm actually surprised about is that most Presidents/CEOs are actually aware of the risks now. If not for a few recent high-profile leaks, most IT departments couldn't get any money for such projects.
Finally, there is no evidence that upfront money wasn't spent. Most companies just haven't figured out how to adequately secure their data, not for lack of resources or trying, but because there isn't a formula for guaranteed success.
Sometimes the best solution is to stop wasting time looking for an easy solution.