Survey suggests ... consumer data breaches will get worse - stolen, unsecured laptops and other mobile devices pose a threat
DALLAS, Sept. 26, 2006 -- A new survey finds that the current epidemic of data breaches and identity theft resulting from stolen corporate laptops and other mobile devices will continue until more companies take aggressive action to protect the privacy of personal information they routinely collect on their customers -- and ultimate victims -- the consumers. CREDANT(R) Technologies' annual survey uncovers surprising results -- 88% of 426 respondents, representing IT organizations world-wide, say they know that large amounts of personally identifying and other sensitive information reside on employee's mobile devices, and 72% cite that encryption is required to protect personal identifiable information, yet less than 20% have implemented encryption.
More than 33 million Americans have become victims of laptop theft since February 2005 according to Privacy Rights Clearinghouse. Consumers, who are potential identity theft victims because the privacy of their personal information has been compromised, are outraged and companies must take more aggressive steps to protect their brand and regain customer trust. With the publicity surrounding laptop thefts and data breaches, it was not surprising that 75% of the respondents to the CREDANT survey ranked laptops as their number one concern for a data breach, but in the comments section, many reiterated concern for sensitive data that resides on any mobile device. 27% of the respondents ranked the automobile as the number one spot for laptop thefts, moving the office into second place from last year with 19% responding and theft from home ranked third with 14%. One respondent stated, "It is not relevant where the device is stolen -- a data breach is a data breach."
"Compliance, consumer trust and the impact to the bottom line is driving the need for encryption, but our concern is that even the 20% of organizations who have simply implemented encryption may have a false sense of security because there is much more to being compliant than installing the software," said Bob Heard, CEO and Founder, CREDANT Technologies. "28% of the respondents validated what we designed our encryption solution around -- operational controls and an audit trail that continuously verifies that the encryption software is installed and operating correctly. Without the audit trail, even those organizations who thought they were compliant will not pass the test."
The survey findings are particularly disturbing in light of the fact that 52% of respondents state that personally identifying information such as Social Security, driver's license numbers and financial, medical or other confidential personal information is stored on mobile devices. While 62% stated that up to 25,000 accounts would be impacted if a laptop were stolen, 30% percent reported that between 25,000 and 2 million accounts would be impacted; and 5% had no idea of how many accounts were vulnerable. Again, one respondent stated, "It's difficult to know, but one record is too many."
In a July 2006 report titled "Data Protection is Less Costly Than Data Breaches," Gartner Inc. estimated a company with 100,000 customer accounts can spend $90 per account breached or $9 million -- not including fines and lawsuits, versus $30 to $40 per employee on data encryption for their laptops or desktops. Only 38% of survey respondents were even in the ballpark of the Gartner report for the cost per account exposed. Still more alarming, 14% of respondents believed it would cost less than $10 per account! Additionally, only 28% say they consider penalties or fines as a consequence of data loss. The sad truth is the costs are much higher.
When asked to rank the consequences of a data breach to a company, 76% of the respondents cited damage to the firm's reputation would be their top concern and 47% also cited loss of customers as a fear. What needs to be understood is that everyone is a victim -- the enterprise, the employee, and the consumer. Today businesses pick up the tab on most consumer expenses, as well as their own remediation and auditing costs or fines. But, what about the price tag for the emotional impact? Consumer stress, feeling helpless and angry, and damaged credit reputations are too often overlooked. Furthermore, who is responsible? Headlines announcing the firing of employees or an executive's departure quickly escalates the company data breach to the individual level, the employee who also becomes the victim. What needs to be understood is that everyone is a victim -- the company, the employee, and the consumer.
The CREDANT survey delved into who should be responsible for a breach and asked respondents what consequences, if any, should be carried out. Not surprising, IT management stands behind their responsibility and will share the potential consequences -- even to the extreme of being fired. 36% of respondents feel that the accountability for any data breach falls to the person who lost the laptop or mobile device, while 33% believe that IT management who is responsible for securing the data should be accountable. However, when asked to identify the top three reasons why encryption, considered the primary data privacy and protection option was not implemented, the number one reason cited by 56% of the respondents was lack of funding. The second place response by 51% of the respondents was that encryption was not an executive priority. Limited IT resources was cited by 50% of the respondents as the third obstacle in getting the job done.
"Many surveys corroborate our results. But taking the impact one step further, to the individual employee and consumer level, our survey gets to the heart of the issue -- everyone is a victim. Organizations need to better protect one of their most valuable assets -- customer data," continued Mr. Heard. "Privacy protection has become a competitive differentiator and business tool. Our survey identifies that encryption is not being deployed by enough companies; that there is a lack of understanding as to the real cost of a data breach; and there is a lack of clarity of regarding what is required for compliance. These issues can be resolved and CREDANT is here to help."
An industry leader in mobile data protection, CREDANT Technologies' award-winning security platform encrypts data stored on laptops, tablet PCs, desktops, smart phones, PDAs and external storage devices. CREDANT's policy-based intelligence encryption protects only the most vital information, minimizing common data corruption and recovery issues and productivity losses that are common with older encryption solutions.
The CREDANT laptop survey was conducted in July 2006, with emails sent to nearly 17,000 Global 2000 IT professionals. Of those, four hundred and twenty six respondents from around the world completed the questions that make up the final outcome of the survey.
About CREDANT Technologies
CREDANT(R) Technologies is the market leader in providing security software that enables organizations to protect data and control mobile devices throughout the enterprise. With CREDANT security, organizations minimize risk and ensure regulatory compliance while benefiting from the increased productivity mobility provides. CREDANT Mobile Guardian secures corporate data on smartphones, notebook computers, tablet PCs and PDAs with directory- integrated and centralized security policy management. Strategic partners and customers include Global 2000 companies such as Cisco Systems, CommonTime, CUNA Mutual, EDS, Good, HP, Intel, Intellisync, Intermec, Microsoft, PalmOne, PalmSource, Schindler Elevator, Symbol and U.S. Army Medical Command. CREDANT is recognized as the visionary leader in mobile data protection, was selected by Red Herring as one of the top 100 privately held companies and top 100 Innovators for 2004, and has been named Ernst & Young Entrepreneur Of The Year(R) 2005. Austin Ventures, Menlo Ventures, Crescendo Ventures, Intel Capital and Cisco Systems are investors in CREDANT Technologies. For more information, visit http://www.credant.com .
NOTE: CREDANT, CREDANT Technologies, the CREDANT Technologies logo, and the Be Mobile Be Secure tagline are trademarks or registered trademarks of CREDANT Technologies. All other names, brands or products referenced are the service marks, trademarks, or registered trademarks of their respective companies.
|DSS Home | About Us | Contact Us | Site Index | Subscribe | What's New|
|Copyright © 1995-2021 by D. J. Power (see his home page). DSSResources.COMsm was maintained by Daniel J. Power. See disclaimer and privacy statement.|