This is a brief extract from the White Paper "Dealing with Data Breaches and Data Loss Prevention", published by Osterman Research, which is available to download.
The costs associated with a data breach can be enormous. Aside from the long-term impacts, which include lost revenue, CEO and CIO firings, bad publicity, expensive remediation efforts and the like, the immediate cost can be significant. For example, our research found that in the immediate aftermath of a data breach, a median of 4.3 IT and related staff members per 1,000 organization employees are assigned to deal with the initial stages of the data breach as their primary responsibility, while a median of 4.4 IT and related staff members per 1,000 organization employees are assigned to follow-up activities as their primary job.
Let's assume that for a 5,000-employee organization there will be 21.5 (4.3 x 5) IT and related staff members assigned to investigating and otherwise dealing with a data breach in the first month following its discovery, and that there will be 22 staff members (4.4 x 5) for four months thereafter (we are assuming here that these individuals are working full-time on addressing the breach). Further, let's assume that the average, fully burdened salary for these individuals is $110,000 annually ($52.88 per hour). On those assumptions, the total cost of IT and related staff member labor for the initial stage of the breach will be just over $197,000, while the cost of staff members after the initial stages will be nearly $807,000. Therefore, the total cost of the initial and follow-on efforts will be just over $1 million, or just over $200 per organization employee in just the first five months following discovery of the data breach.
This, of course, will be exacerbated by the proposed EU fine of 2% of global revenue for unreported data breaches.
PAOGA strongly believes that a way to significantly reduce this risk is to provide employees, contractors, suppliers and customers with shared Personal Clouds in which the data owner has control over who is authorised to access appropriate Confidential Business Information or Private Personal Information.