BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Data breaches to cost more in the cloud

From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Thu, 8 Apr 2010 21:40:33 -0400
http://www.securecomputing.net.au/News/171606,data-breaches-to-cost-more-in-the-cloud.aspx

By Liz Tay
Apr 9, 2010 9:49 AM

Remedying a data breach costs 40 percent more for businesses that
store their data offshore, a study of Australian incidents has found.

Conducted by the Ponemon Institute and PGP Corporation, the inaugural
Australian Cost of a Data Breach report aimed to quantify the costs
associated with public and private sector data breaches.

Sixteen organisations participated in the study between September 2009
and January, all of which had experienced one or more data breach
incidents during the past year.

The incidents that were reported involved between 3,300 and 65,000
compromised records, and were found to cost an average of $123 per
compromised record.

Incidents that involved a third party -- such as a cloud computing or
software-as-a-service (SaaS) provider -- had a higher average cost of
$152 per record, compared to $109 for incidents that occurred and were
handled in-house.

PGP CEO Phillip Dunkelberger told iTnews that organisations operating
in the cloud incurred higher costs because of issues to do with
territorial jurisdictions, and additional investigation and consulting
fees.

"I think the cloud is coming in a big way, but the people promoting it
have got to be careful they don't confuse basic data security with the
legal and jurisdictional issues that come when you've got data spread
around the world," he said.

"Fundamentally, clouds have a different legal and jurisdictional
profile, especially when they cross national boundaries," he
explained.

"You've got to deal with how do we do the research into what happened,
how do we deal with two legal teams, multiple IT teams, and that's why
third party breaches are much more costly than remedying it on your
own."

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php
Previous By Date Next
Previous By Thread Next

Current thread: