By Sharon Gaudin
April 24, 2007
One-third of companies said in a recent poll that a major security
breach could put their company out of business, according to a report
The security company unveiled a study Tuesday showing that 33% of
respondents said they believe a major data-loss incident involving
accidental or malicious distribution of confidential data could put them
out of business. The study, called Datagate, is based on a survey of
more than 1,400 IT professionals at companies with at least 250
employees in the United States, the United Kingdom, France, Germany, and
McAfee's study also showed that while breach awareness is improving, the
problem continues to grow, as well.
Sixty percent of those polled said they had experienced a data breach in
the past year, and only 6% could say with certainty that they had not
experienced one in the previous two years.
Despite how many companies are suffering data breaches, though,
companies are still devoting just a fraction of their IT budgets to the
threat. On average, the IT managers polled spend just 0.5% of their
overall IT budgets on data security.
"Six in 10 companies admitting a breach in just the past year is ample
proof that more needs to be done to address this very serious problem,"
said Dave DeWalt, president and chief executive officer at McAfee, in a
written statement. "Awareness alone isn't enough. To protect customers,
employees, and shareholders, data loss prevention needs to become a top
priority at every level of the organization, from the board room to the
The study also showed:
* A data breach that exposed personal information would cost companies
an average of $268,000 to inform their customers -- even if the lost
data is never used;
* 61% of respondents said data leakage is the doing of insiders, and 23%
said those leaks are malicious;
* 46% said they don't debrief or monitor employees after they give
notice that they are leaving the company;
* 23% said they were able to estimate the total annual cost of data
leakage, putting the figure at $1.82 million.
Just last week, the U.S. Department of Agriculture announced that it had
exposed the personal identifying information on about 150,000 people
over the last 26 years. The agency admitted inadvertently exposing
online sensitive information, such as names and Social Security numbers,
in a publicly available database, which had existed since 1981. The
information has been exposed ever since it was put online.
People are getting fed up with their personal information leaking out
into areas where it could be scooped up by criminals working online.
A report came out earlier this month from Javelin Strategy & Research
showing that 77% of 2,750 consumers polled said they would stop shopping
at stores that suffer data breaches. The research company found that 63%
of consumers see retailers as the least secure companies when it comes
to protecting consumers' data, compared with the 5% who distrust credit
card companies such as Visa or MasterCard.
Subscribe to InfoSec News