When my friends ask me why they should care about the security measures of the companies they do business with (or why they should be a little more careful with their own business-related security measures), I tell them in terms they understand: Bad security is expensive, and eventually expenses trickle down to the consumer. And I suspect it will get worse before it gets better.
A recent Ponemon Institute study confirms this, stating that the cost of a breach went up in 2010 to approximately $214 per record, $10 more per breached record when compared to 2009. According to the report:
The U.S. Cost of a Data Breach Study was derived from a detailed analysis of 45 data breach cases with a range of approximately 5,000 to 101,000 records that were affected. The study found that there is a positive correlation between the number of records lost and the cost of an incident. Companies analyzed were from 15 different industries, including financial, retail, healthcare, services, education, technology, manufacturing, transportation, consumer, hotels and leisure, entertainment, marketing, pharmaceutical, communications, research, energy and defense.
Other findings from the report include:
Add this up and a data breach, whether it comes from a hacker getting into the network, a Trojan or someone losing a laptop, is going to cost individual companies a lot of money.
True, we'll never totally stop breaches from happening, but companies can take action, especially as more sophisticated tools to detect and prevent breaches become available. As Steve Shillingford, president and CEO of Solera Networks, stated:
Breaches do occur and will continue. Next generation threats are being specifically architected to subvert installed security defenses. Knowing the full extent of a breach is key to appropriately dealing with it.