Data disclosures cost millions; prevention costs $100 per laptop

Regarding the Lost Laptop Epidemic: Independent IT analyst Jack E. Gold estimates that companies will spend about $35 in notification costs for each exposed customer. Multiply $35 by the number of exposed records and you quickly get into big bucks just to notify the affected customers. But the cost doesn't stop there. Remediation costs such as a credit monitoring service can add several million dollars. Furthermore, a company may lose a lot of angry customers (maybe 20%?), Gold says in a June 5 brief. And if the government assesses any fine or penalities, well, the total cost could exceed $10 million in one case, Gold says. (Martin McKeay estimates the Veterans Affairs mega-disclosure could cost more than $1 billion -- $25 million of which has already been allocated.)

It doesn't have to be this way. Gold urges companies to immediately add security and management suites to all mobile devices carrying any type of sensitive data (i.e., virtually all devices). He says:

At $100-$150 per device, the cost is relatively low compared to the potential exposure caused by even one device being involved in data loss. Many vendors of security management products focused on the mobile user exist (e.g., iAnywhere, Credant, Pointsec, Trust Digital, Good Technologies, and others), as do secure connectivity solutions (e.g., Ecutel, iPass, Padcom, Columbitech, etc.).

The relatively small cost of these products offers a substantial ROI if they prevent even one data loss episode. In any event, they provide an insurance policy that should be required for any company which provides their users with mobile devices.

----------
Computerworld's continuing coverage of data security breaches is here.