Data Security – The Costs of Bad Security
SUMMARY: Sony recently revealed that the cost associated with cleaning up the massive security breach that exposed personal information of more than 100 million users would be at least $171 million. The episode was a reminder of the stakes involved in data security—and an indicator that many organizations are not protecting themselves well enough. “When it comes to all of these security problems, companies aren’t spending up front but have to spend a lot of money on the back end to fix things,” says Thomas Ristenpart, a computer security researcher at the University of Wisconsin.
If you follow the Firestorm newsletter, then it is old news when we remind business leaders that “too many companies fail because leadership lost a bet with the business as the wager — and they never knew they were making the bet.”
Sony is the current “whipping boy” for apparent lack of information security planning. Sony will, however, likely survive this incident, escaping with a hit to earnings, because it is large and robust enough to experience all this as a nasty bump in the road. The majority of businesses, however, would not fare as well under similar circumstances.
An internationally recognized technology think tank determined in 2010 that breaches of consumer information involving LESS THAN 5,000 records resulted in recovery costs averaging $1,000 per record.
So, imagine a small- to medium-sized business with a consumer customer base of only 500 records. If that relatively small database is breached, the business can be facing $500,000 in clean-up costs! Does your business have an extra half-million dollars to spare?
The PROVEN strategy to avoid “wagering the business” while not shattering the ongoing run-rate is to perform an annual information security risk assessment. In this technology-based business environment, be smart and make informed decisions about protecting your critical information.
About Al Kirkpatrick, CISO
Al brings over twenty-five years of business and technology experience to the Firestorm team. As the chief information risk and security officer for multiple public corporations, Al compiled an exemplary track record addressing risk management challenges across a wide range of industries.
His comprehensive understanding of the benefits, challenges and strategic considerations for governance, risk and compliance programs has helped companies avoid catastrophic costs while eliminating unproductive risk management investment. Before joining Firestorm, Al was the Chief Information Risk Officer for The First American Corporation, an $8 billion, Fortune-250, multi-national title insurance, real estate and financial services corporation.
He has extensive international proficiency in the Americas, Europe, India and Asia-Pacific.
Kirkpatrick has held chief information security officer positions at two large, technologically advanced corporations. He has also held various technology management positions, including the management of fossil and nuclear power plant information systems for the nation’s largest investor-owned utility company.