米Poneman Instituteの調査による、情報漏洩事件によるコストの情報。
Average data breach costs companies $5 million - Network World
By John Fontana, Network World, 11/02/06
情報漏洩を経験した31社を調べた結果、1件当たりにかかったコストは$5M、去年より3割増加。
Cost 2005 2006 Increase
Detection & escalation $10 $11 10%
Notification $18 $25 38.9%
Response $35 $47 34.3%
Lost business $75 $98 30.7%
Total $138 $181 31.2%
main culprit for data loss in 49% of the cases is a lost or stolen laptop, desktop, PDA or thumb drive
lost or stolen files acquired or used by third parties or outsourcers, put at 29%. Lost or stolen electronic backup such as magnetic tapes accounted for 26%, and lost or stolen paper records and files accounted for 13% of data breaches.
at 10%; malicious insiders, at 6%; malicious code, such as malware, spyware or crimeware, at 6%; and misplaced network or enterprise storage devices (as a result of a natural disaster, such as a major hurricane), at 3%. Of the companies responding to the survey, 6% did not disclose how their data breaches occurred.
After the breach the top preventive measure taken was the deployment of additional manual procedures and controls 42% of the time, training and awareness programs 29%, encryption over data in motion 23%, encryption over data at rest 16%, information leak detection and prevention systems 13%, security event management systems 10%, additional perimeter controls 10%, identity- and access-management systems 6%, independent security audits 6%, no new procedures or systems 6% and encryption over data backups 3%. Results add up to more than 100%, because respondents could answer in a variety of categories.
Privacyrights.orgの調査によると今年の情報漏洩事件は254件、再発防止の為に$180kが使われた。
流出した情報1件あたりのコストは$182。
Leave a comment