Data breach events have signicantly increased the cost of doing business.
Since February 15, 2005, Privacy Rights Clearinghouse, a San Diego-based nonprofit organization, has tracked the data breaches of more than 650 companies and organizations totaling 158 million records. The breached data includes the employee and customer information that has been lost or stolen from financially strong and technology-driven companies, universities and organizations.
A study, released by the Ponemon Institute in October 2006, found that the total cost of a data breach averaged $182 per lost customer record. It divided the costs into three groups: direct incremental costs, which averaged $54 per lost record including discounts; notification letters, legal fees, lost productivity costs, which averaged $30 per lost record including lost time of employees; and customer opportunity costs, which averaged $98 per lost record including cost of lost customers and cost of acquiring new customers.
According to Bryan Thornton, managing director of Net Reaction, an information security consulting firm, companies should be prepared to review and implement a comprehensive Information Security Readiness Plan to protect sensitive data.
Some companies offer an identity-theft managed recovery benefit as an employee, customer or member benefit to mitigate risk. Managed recovery means that a professionally trained and Fair Credit Reporting Act (FCRA) certified recovery advocate will handle an identity theft victim’s case until said victim is returned to pre-identity theft event status.