In Security

Customer data breaches just keep getting worse.

The statistics around the costs and occurrences of customer data breaches are astounding. So why is the sense of urgency among IT executives lessening?

Two years ago I wrote about the increasing vulnerability and incredible cost of not securing customer data (see "The Coming Pandemic"), and yet since that time, "data privacy" has fallen as a management priority from the 8th to the 11th spot in CIO's annual "State of the CIO" research.

A study conducted by The Ponemon Institute found that the average cost of a data breach in 2007 was $6.3 million, representing a per-record cost of $197. How many customer records do you handle at your company?

TJX had a reported 94 million credit and debit records stolen. You can do the math, and it's down to the dollar. TJX has put aside a $197 million pretax reserve to cover breach-related costs. According to USA Today, the company has already agreed to pay MasterCard $24 million and Visa $41 million out of this reserve. Pretty scary stuff.

This is the nightmare we all want to avoid yet the incidents continue to occur. This March, supermarket chain Hannaford Brothers had up to 4.2 million card numbers stolen, leading to more than 1,800 reported accounts of fraud. The scary thing is that they were PCI-compliant! So, just remember that compliance doesn't equate to being secure. As Bill Homa, CIO of Hannaford, said in the Boston Globe, "The bad guys are one step ahead."

In 2007, Ponemon reported that laptops, thumb drives and mobile devices accounted for 49 percent of all breaches. I bring this up because mobility is a growing priority of yours, which means that sooner or later the data protection issue will be knocking on your door. Let's just hope that when it does come knocking, it is the CEO saying, "Job well done!" and not "Why is 60 Minutes asking for an interview?"

Related:

Copyright © 2008 IDG Communications, Inc.

7 secrets of successful remote IT teams