Contact: Wils Bell
President / Security Headhunter / Security Recruiter
Oviedo, FL 32762
The following 2 articles are also posted on our SecurityHeadhunter.com's Blog
Think your organization is safe from data breaches? Consider these facts:
- The average cost to a company in 2008 for a Data Breach was over $6 million dollars which only included rebuilding their brand, rebuilding their image and attempting to retain customers.
- Based on approximately 40 companies that experienced a breach of consumer information, the average cost per consumer /customer record was $200. Considering the fact that each breach averaged a little over 30,000 records the cost adds up quickly.
- Sadly, over 80% of the companies surveyed had already had a data breach or other security breach prior to the 2008 incident.
- The $200 per record are from such expenses as setting up credit monitoring for customers, helpdesk hotlines to field consumer inquiries and of course consumer notification. What the $200 does not cover was the damage that can occur to a company stock price.
- Last year a major credit & debit card processor, Heartland Payment Systems, came clean about a major breach affecting millions of consumers. Their stock price fell over 40% to a 52 week low.
The whole point of this is that consumers do not like it when they hear a company has had a data breach. Letís face it, people donít like it when they see that a company has lost their personal data. It shows a lack of concern for security and or privacy.
In this economy can you as an organization really afford to lose customers because of a data breach? Get yourself an IT Audit and see where youíre vulnerable, and yes you probably are in several areas. In todayís world, you can get top Security & Risk Auditing services at a fraction of the cost of what the major Auditing firms charge. Bigger is no longer better.
If you could hear the stories I hear from my Security & Risk contacts you would call for an Auditing firm to be at your door tomorrow.
Remember, getting your company name all over the Internet and nightly news is great unless itís for a data breach of customer personal information.
If you're like most organizations, you feel you are protecting your data. Well, take a look at this article -A Chronology of Data Breaches on Privacy Rights Clearinghouse that lists major Data Breaches going back to 2005. It really opens your eyes.
A few excerpts from the article:
What does the Chronology of Data Breaches contain?
The data breaches noted have been reported because the personal information compromised includes data elements useful to identity thieves, such as Social Security numbers, account numbers, and driverís license numbers. Some breaches that do NOT expose such sensitive information have been included in order to underscore the variety and frequency of data breaches. However, we have not included the number of records involved in such breaches in the total because we want this compilation to reflect breaches that expose individuals to identity theft as well as breaches that qualify for disclosure under state laws. The breaches posted below include only those reported in the United States. They do not include incidents in other countries.
What does the Total Number indicate?
The running total ( 261,774,380) we maintain at the end of the Chronology represents the approximate number of *records* that have been compromised due to security breaches, not necessarily the number of *individuals* affected. Some individuals may be the victims of more than one breach, which would affect the totals.
Is the Chronology of Data Breaches a complete listing of all breaches?
No, it is not a complete listing of breaches. The list is a useful indication of the types of breaches that occur, the categories of entities that experience breaches, and the size of such breaches. But the list is not a comprehensive listing. Most of the information is derived from the Open Security Foundation list-serve (see below) which is in turn derived from verifiable media stories, government web sites/pages, or blog posts with information pertinent to the breach in question. Many breaches (particularly smaller ones) may not be reported. If a breached entity has failed to notify its customers or a government agency of a breach, then it is unlikely that the breach will be reported anywhere.