Stolen laptops, missing PDAs, lost thumb drives. These are certainly considered common methods of data loss today. But what about lost or stolen files acquired by third parties? Those accounted for 29% of incidents reported. Lost or stolen electronic backups accounted for data security breaches 26% of the time.
According to a study completed in late 2006 by the Ponemon Institute, coping with and recovering from a single security breach cost on average $14 million per company per breach. Data security breaches in 2006 "cost an average of $182 per compromised record, a 31% increase compared to the same period [in 2005]." According to the study, the costs are going up for three primary reasons: phone calls for customer notifications, free or discounted services, and increased customer churn.
And it's not just the costs per incident. Regulations in 20 states, such as California's Senate Bill 1386, require companies to inform customers if their confidential or personal data has been lost, stolen or compromised. According to a second study, when 51,000 customers were asked about personal data being compromised, they noted that they are terminating the business relationship with the company that had the problem.
According to the "Consumer Survey on Data Security Breach Notification," 9,000 respondents said they had gotten a notification. 12% of this group had a strongly negative reaction to the situation. 20% of these terminated their relationship with the business that lost the data; another 40% were considering doing the same.
Ouch!
There are even more statistics in the 2006 Global State of Information Security Report from CIO magazine and PricewaterhouseCoopers. While companies apparently are doing a better job of safeguarding information security and privacy, there is still plenty of room for growth and improvement.
Look for this year to be yet another strong one for this topic. If you would like to share your experiences, or comment on a situation you are aware of, feel free to share.