A recent BNET Intercom post asked how companies can best measure ROI on information security. It's an interesting, and still open, question. But while we're figuring it out, there's one handy way to get a more visceral sense of how much money is to be gained through information security. Just look at how much money companies lose due to data breaches.
A study out today from the Ponemon Institute determined:
Data breach incidents cost companies $197 per compromised customer record in 2007, compared to $182 in 2006. Lost business opportunity, including losses associated with customer churn and acquisition, represented the most significant component of the cost increase, rising from $98 in 2006 to $128 in 2007--a 30 percent increase.
Dr. Larry Ponemon, chairman of The Ponemon Institute, commented on the study:
"The data from 2007 suggests that although companies are responding to data breaches more efficiently, consumers seem to be less forgiving when their personal information is compromised."
This consumer backlash against high-profile data breaches has resulted in thirty-four states passing laws requiring companies to notify victims of a data breach.
Ponemon went on to note that "more than a third of breaches result from data being shared with third parties in the normal course of business--a clear signal that organizations should examine how they are sharing their customers' data with outsourcers, vendors and partners."