in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Disk Encryption: Cost Of Breach Rises To $209 Per Customer Record

Can disk encryption software ever deliver a positive ROI?  Yes, I'd argue, if you take the following release into consideration: The Ponemon Institute's annual findings on the cost of customer data breaches.

Data Breach Costs $209 Per Customer

The survey by the Ponemon Institute is an annual one, and started five years ago: The initial findings at that time showed costs of $138 per customer record breached.  In 2009, the costs per customer reached $209.

Considering the 2008 findings, where the breach costs were an average of $207, it looks like the cost of data breaches has reached something of a plateau.

(This may soon change, though, seeing how states seem to be updating their data privacy laws.  Plus, there's movement on the federal front.  In November 2009, the Personal Data Privacy and Security Act was approved by the Senate Judiciary Committee, and is now facing the vote of the full Senate.)

Negligence, such as lost laptops, topped the list of root causes at 40%.  Glitches and malicious attacks followed with 36% and 24% of the cases, respectively.

It was also found that the presence of a Chief Information Security Officer (CISO) has an effect on the costs.  Companies with a CISO showed an average cost of $157 per record breached, while those without one had breach costs of $236.

Can Disk Encryption Deliver Positive ROI?

ROI is a measure that cannot really be applied to security software.  Think about it: a "return" implies that there is a chance of future revenues due to an investment today.

Security software are cost centers, and any ROIs will always be negative by definition.  It's like expecting a return from your life insurance: it's not that you can't get a return, it's just that you'll have to go through a sizable accident in order to get it.  I don't know too many people who are willing to do that.

That being said, it you couple up the costs of protecting your data with surveys like the above, you can begin to get a feel whether encryption software is "worth it."

For example, assume the cost per customer is $200.  Now, take into consideration that full disk encryption, like AlertBoot, comes to around $160 per employee.  Also take into consideration the fact that most companies have more customers than employees, and assume that a typical company will have a breach every 5 years.

If we assume that there are 2000 customers being supported by 500 employees (a very generous ratio), plus breach costs of $200 per customer and $160 per employee for encrypting laptops, we get the following:

                    

As you can see, the costs balance out on the fifth year.  Technically, if the company has a breach every 4 years, they're seeing a "positive ROI." (Yes, I'm assuming the customers are not increasing nor decreasing, employees are not being fired, etc.  I am, however, taking into consideration that AlertBoot is a managed service.)

On the 6th year, the company is seeing a "negative ROI"--not that I would agree with such a conclusion.  After all, the use of encryption means there was no breach, an important thing to keep in mind when considering the "cost of data breaches."

Also keep in mind that if the customer-employee ratio were a more reasonable 2000 to 250, the costs would balance out on the tenth year, meaning a "positive ROI" up to year 9.

In practical terms, that means data encryption software for laptops like AlertBoot is worth it: I'd assume that most companies won't go ten years without having at least one data breach.


Related Articles and Sites:
http://news.idg.no/cw/art.cfm?id=64C34A39-1A64-67EA-E449D53EB1258EDB
http://www.networkworld.com/news/2010/012510-data-breach-costs.html

 
<Previous Next>

Laptop Encryption Software Not Used For UK Retinal Scans: Southampton University Hospitals NHS Trust

Laptop Encryption Software: Methodist Hospital Loses Laptop From Premises

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.