Security breaches ‘could lead to corporate collapse’

24 Apr 2007

In the wake of the controversy surrounding the hacking of private information on TK Maxx’s computer system, a significant majority of IT professionals believe a major security breach could lead to the collapse of a large corporation.

A survey of 1,400 global IT professionals by IT security software vendor McAfee found that one third of the professionals believe that a major data loss incident involving accidental or malicious distribution of confidential data could put them out of business.

“Six in 10 companies admitting a breach in just the past year is ample proof that more needs to be done to address this very serious problem,” said Dave DeWalt, president and chief executive officer at McAfee.

“Awareness alone isn’t enough. To protect customers, employees and shareholders, data loss prevention needs to become a top priority at every level of the organisation, from the boardroom to the lunch room,” DeWalt explained.

The research suggests that while awareness regarding the danger of breaches is high, the problem is growing.

Some 60pc of survey respondents said they had experienced a data breach in the last year. Only 6pc could say with certainty that they had not experienced a breach in the past two years.

Despite the prevalence of breaches, enterprises are still devoting just a fraction of their IT budgets to the problem.

On average, businesses spend just half of 1pc of their overall IT budgets on security.

A data breach that exposes personal information could cost companies on average US$268,000 to inform their customers, even if the lost data is never used.

Around 61pc of the survey’s respondents think that data leakage is the doing of insiders and 23pc believe those leaks are malicious.

Nearly half of respondents to the McAfee survey said they don’t debrief or monitor employees after they have given notice that they are leaving the companies.

Calculating the total average cost of data leakage, 23pc of respondents estimated it came to US$1.82m.

Loss of intellectual property and financial information were rated as the two most valuable classes of data that could be lost – with the average estimated cost of leaked financial data reaching US$1.68m.

By John Kennedy