Surge in malicious attacks makes data breaches even costlier

IT SECURITY 2009 = $525 2008 = $636 = $200 2007 = $510 A survey of 1,500 companies worldwide found businesses spend an average of 5% of their total IT budget on security. | It was broken down to security spending per employee, which averaged around US$525 in | 2009, compared with $636 in 2008 and $510 in 2007. The average cost of a data breach is over $200 per exposed record. That figure does not include any fines and penalties assessed by state or federal government agencies. 2009 = $1100 $6.75 million | The FTC can fine a business up | to $3500 "per violation." State fines typically run about $110 | per record. Each record exposed is regarded as a violation. Indirect breach costs, such as the loss of customers, outweigh direct costs by nearly 2 to 1. The average total per-incident costs in 2009 were $6.75 million. itrc Identity Theft Resource Center | | In 2010, companies spent, on average, $7.2 Million per data breach. In 2009, 498 breaches were reported, according to the Identity Theft Resource Center. About 44% of companies participating in a 2009 Ponemon Institute Annual Study engaged | I an outside consultant to assist them over the course of the data breach incident. About 11% of U.S. consumers received a breach notification in the past 12 months. | As of October 2010, 46 states have specific data breach notification laws. Slightly more than one third of breach victims experienced the theft of their Social Security | numbers, and about 15% had compromised ATM PINS. | Breach victims experienced a fourfold higher rate of fraud victimization over the past year than the typical consumer (19.5% vs. 4.32%). More than 130 million records| from the Banking/Credit/Financial sector were exposed in the first nine months of 2009. Common qutcomes of a security breach 1.Lost operation time 2.Loss of business focus 3.Loss of customers' confidence 4.Lost new business 5.Damage to employee morale and confidence 6.Time spent in meetings, communications, and other activities required to rebuild morale 7. Legal fees for dealing with customer damages 8.Legal fees for suing vendors who may have been involved in the data-breach incident 9.Increased public relations and advertising costs 10.Distracted and defensive management faced with angry customers, unhappy employees 11.The cost 12.The opportunity cost involved in giving the company time to return to "normal" replacing a management team held responsible for a data-breach incident Recent High-profile eaches Sony Playstation Network 101.6 Million records lost WordPress 18 Million records lost American Honda Motor Company 4.9 Million records lost Netflix 100 Million records lost NETFLIX U.S. Veterans Affairs Dept. 76 Million records lost Countrywide Financial Corp. 17 Million records lost Heartland Payment Systems 130 Million records lost LIBERTY O Facebook 80 Million records lost TJX Corp. 95 Million CC #'s lost TX University of Utah Hospitals and Clinics 2.2 Million records lost Sources: http://www.cio.com/article/617514/How_Much_Should_You_Spend_on_IT_Security_ http://sandburgassociates.com/?p-229 http://www.breachshield.com/data-security-breach-statistics.html http://web.securityinnovation.com/blog/bid/63193/The-High-Cost-of-an-Application-Security-Data-Breach http://content.delí.com/us/en/enterprise/d/large-business/data-breaches-are-expensive.aspx