UK Companies Sufferers of Information Leak Valuing £1.4 Million

As per a research by privacy investigators at the Ponemon Institute, conducted under the leadership of Symantec, a security company, and PGP Corporation, an encryption company, revealed that leakage of information costs to UK enterprises a median of £1.4 Million in 2007, as reported by ZDNet on February 25, 2008.

The research titled, "2007 Annual Study: UK Cost of a Data Breach", gathered responses from 21 UK based companies, which had been victims of information breaches in 2007. These companies, however, excluded organizations of the public sector.

Commenting on how data breach ranked, Guy Bunker, Chief Scientist for UK-based Symantec, said most breaches occur due to company procedures and processes so organizations need to take care of that first and then, determine if any insider or malicious piece might be inflicting networks or not, as reported by ZDNet on February 25, 2008.

Researchers for the study found that malware are responsible for only 3% of the data breaches whereas hacking caused 6% of the breaches. Another reason for data breaches, according to the researchers, accounted to missing laptops or devices like USB portable drives.

Giving own opinion about the study findings, President and Chief Executive of PGP Corporation, Phil Dunkelberger, said that organizations' IT divisions must stay ahead of fresh developments like virtualization, a technology that has made computer security harder, as reported by ITPRO on February 25, 2008.

Further, according to Bunker, companies should scan the IT security and privacy policies of suppliers or partners. If the vendors are not able to readily present their policies, it's probably time to look for other suppliers. Bunker said that it is also important to scan the policies of the suppliers' chain of outsourcing agents to remain informed.

Finding Bunker's comments useful, Dunkelberger, revived calls for notification of data breaches at the UK or EU. But, also said that it is important to devise one law for all companies, as reported by ITPRO on February 25, 2008.

Dunkelberger further described the frequently cited American system that is flawed as all the 40 states have separate legislation for notification and that requires different filings. For multinational corporations there are even more distinct rules.

Related article: US Passes Baton to Asia in Spam Relay

» SPAMfighter News - 3/12/2008