Many of our readers are members of their employer’s information security and compliance teams. For those looking for more support from management for projects involving risk management and risk mitigation of information security and privacy concerns surrounding the laptop computers used by their fellow employees or associates, we would like to offer a reading of the Ponemon Institute LLC’s recently released study, “The Billion Dollar Lost Laptop Problem”.
We believe that spreading fear, uncertainty and doubt is a shortsighted approach to getting security and compliance support from management. However, hard numbers such as those in the Ponemon study can really help secure interest in and support for proactive methodologies and controls that reduce the risks associated with laptop computers, smartphones, iPads, and other devices newly integrated into an organization’s structure of information exchange management. We also believe that this study is important because it attempts to establish measurements revealing the significant cost to organizations of lost or missing laptop computers.
While we may all agree that lost or stolen laptop computers are costly to organizations, this report puts more objective estimates around what we already suspect: it is not really the replacement cost of the computer that presents serious financial penalty implications for companies. In fact, it is the data and the risk of a data breach that represent nearly 80% of the total cost of a lost laptop.
The study also estimates that the average cost per lost laptop in 2010, as determined from the participants in this report, is $25,450 (U.S. dollars).
In addition, Kevin Beaver has made some great comments about this risk management topic and about observations from this Ponemon report on the SearchCompliance.com website. Read more in Kevin’s article.
If you found this information applicable, please pass it on to those information security, network security, compliance preparedness or enterprise risk management team members in your organization.