Wednesday, November 15, 2006

Rising Cost of Data Breaches: $182 per lost customer record

My hat is off to Larry for his study of security costs. In some ways this latest Ponemon Insitute study is probably more indicative of the state of things than the annual CSI/FBI survey.

If you are trying to get your company to do a better job of securing data, try multiplying the number of customer records your company processes/stores (CRP) times cost of loss per record (CLR) and you might have a good starting point for budgeting project to overhaul your current security (CRP x CLR = the hit to profits from any single incident in which CRP number of records are exposed).

Larry figures the figure for CLR is $182. A breach exposing 10,000 records is thus a $1.82 million problem. Spend that amount on security upgrades and you arguably save an unknown number of exposures (there is nothing that says you won't get hit twice in one year for example). Spend anything less than that and you are playing a high stakes game of chance with your business and, if you are a C-level exec or board member, with your personal and professional liability.

And don't let your managers fob you off with "these studies are just scare tactics." Tell them I know Larry Ponemon and Larry Ponemon is no scaremonger.


Anonymous said...

Dear Mr. Cobb,

I am the office manager of StrikeForce Technologies, Inc. I was hoping to introduce you to George Waller, our EVP, to discuss our anti-keylogging product, GuardedID. Please feel free to go to our site,, for additional information on our product.

I appreciate your time and your consideration. I can be reached at (732) 661-9641.

Thank you and I look forward to hearing from you.

Dawn Rodriguez

Anonymous said...

Just thought I would read random posts today, and comment on them, but this one is totally over my head:)

Girl on A Train said...

Congrats for making into Blogs of Note. Makes me read stuff I wouldn't normally choose!
Girl on a Train

Stephen Cobb said...

Check out the expanded explanation of computer security I just edited.