It is a paradox of sorts. On the one hand, there has been a rise in data theft, especially from stolen devices and there is a corresponding increase of related costs. However, on the other hand, many small to medium organizations still fail to deploy any form of data leak prevention, whether it be device control, endpoint DLP, or DLP appliances.

Let us consider a couple of surveys that were recently published on www.encryptionreports.com. According to one report, in Germany, the average organizational cost of a data breach was €2.58 million in 2009, up by 7% from €2.41 million in 2008. In the UK, figures show a slight overall decline from £1.73 million in 2008 to £1.68 million in 2009, down by 3%. However, the average cost per compromised data has gone up 7% from £60 in 2008 to £64 in 2009. Across the Atlantic, the US seems to have a slight increase as well from $6.65 million in 2008 to $6.75 million in 2009. It was predicted by IDC that over 45% of all PCs in the world will be laptops by 2009. According to a 2008 study sponsored by Dell, over 15,600 laptops are lost per week by business travelers in US and European airports alone! A single stolen laptop can cost a company over $4,556.00. However, that does not include the value of the lost or stolen data.

The average cost of lost records containing personal information is $197 per record with an average loss of 31,979 records. A data breach is estimated to be a net loss of $6.3 million.

Mr David Janowski in his article on a popular investment news website states that recent reports of data loss due to theft should make IT security advisors pause and consider how to keep their clients’ data safe. He states that the Financial Industry Regulatory Authority Inc. and the Securities and Exchange Commission suggest encryption as one way to safeguard client data. Failure to protect such critical data would only lead to loss of reputation.

On the long run, only companies that protect consumer data will survive.

IT security expert Dr Prof. Sachar Paulus vehemently states, “The biggest risk for the company is the reputation damage they will be exposed to. Consumers tend to move to service providers that handle their interests with care, and especially their data. On the long run, only companies that protect consumer data will survive.”

State Participation

It would be heartening to note that many governments across the globe have taken this issue up seriously. In the US, Mr Janowski says, states will follow the example set by Nevada and Massachusetts if the federal government doesn’t step in first.

“The Nevada law, passed in 2008 and recently expanded, protects personal information that is stored or transmitted by businesses and just about any other type of organization. The provision in the Massachusetts law broader and applies to all persons that own or license personal information about a resident of the state. That law requires the encryption of all transmitted records and files containing personal information, whether that transmission is over a wired or wireless public network.”

Rapidly changing government data regulations also needs to be addressed. Regulations such as HIPAA, PCI DSS, and Sarbanes-Oxley require robust electronic data protection management. Such laws require protection of credit card information, health records, and financial records.

The cost of lawsuits and legislative compliance related fines can be substantial simply due to lost, stolen, or even just unprotected data. Companies should also be wary of irreversible damage to corporate reputation because of data breaches.

However, there is one expert company that provides the ideal solution when it comes to data encryption – SECUDE. SECUDE’s FinallySecure is the only full disk encryption solution that offers complete coverage of enterprise systems with both software and hardware support. FinallySecure allows your business to survive, adapt, and grow in a heterogeneous IT environment.

For further information about SECUDE and what they can provide you, please visit www.secude.com.