More than eight out of 10 organizations have suffered at least one breach of data  in the last year, and 44 percent have lost data two to five times in the same period, according to new research from the Ponemon Institute.
There's some good news for companies that have a comprehensive encryption strategy, however. These organizations had significantly lower rates of data breaches.
Data breaches open organizations to reputation damage and lawsuits -- witness the recent data loss at grocery-chain Hannaford, where more than 4 million credit- and debit-card numbers were exposed between December 7, 2007, and March 10, 2008, resulting in at least 1,800 stolen, and at least one federal class-action lawsuit.
The study was sponsored by encryption vendor PGP Corporation, and looked at 975 U.S.-based IT and business managers. It revealed that the costs of data breaches continue to rise, up 43 percent from 2005 to an average of almost $200 per record compromised. The Ponemon study estimates an average cost of $6.3 million per breach.
John Dasher, director of product management with PGP, told us that it's not clear whether there are more breaches these days or they're simply more publicized. "But what's absolutely quantifiable is that those organizations with a security and encryption strategy in place suffer fewer breaches. It's irrefutable," he said. Only 6 percent of companies with a full enterprise encryption strategy suffered two to five breaches, compared to 15 percent of companies that have no such strategy.
Platform Solutions
While the survey looked primarily at large enterprises, Dasher said that the lessons learned apply to all businesses, regardless of size. Three-quarters of respondents said that deploying a platform-based encryption solution was an important part of their security plan; this type of solution allows central management and deployment of multiple applications, Dasher explained.
"I don't care if you're a 10-person shop or a 100-person shop, if your consultants go out on site and handle confidential client information, certainly you'd want to protect laptops with full disk encryption," as well as a storage encryption product that protects individual files.
A centrally managed platform makes this task simpler. "If you don't have a lot of IT personnel around, you're going to want to do that in both a cost-effective way and in a way that doesn't require a lot of IT attention," Dasher said. (continued...)
|
Social Media and the Customer Experience