Archive for November 2006
Average data breach costs $5 million
November 16, 2006 by tim.
Network World’s 11/6/06 edition features an article that focuses on the costs of data breaches. The headline, “Average data breach costs companies $5 million,” clearly summarizes the entire article. The article is based on results from a study conducted by the Ponemon Institute.
According to the Privacy Rights Clearinghouse, there have been 254 data-breach incidents this year. The Ponemon study found that it costs an average of $182 for each compromised data record, which is up from $138 last year, an increase of over 30%.
At first glance, these numbers seem exorbitant. According to Andrew Krcik with PGP, “By not connecting the dots, companies are not seeing the true costs and, therefore, the true value of preventative measures.” So the old adage, an ounce of prevention is worth a pound of cure, certainly rings true regarding data security.
49 Million People in US Notified of Data Breaches Since 2004
November 13, 2006 by tim.
According to an article on TechWeb on November 10, 2006, an estimated 49 million adults in the US have been notified “that their personal information has been lost, stolen, or improperly disclosed” during the past three years. The survey concludes that data breaches have affected 1 in 5 adults in the US. The survey was conducted by Harris Interactive in October.
The Fraud Update column in the November 2006 issue of Transaction World addresses several pertinent data security topics, including the impact of version 1.1 of the PCI Data Security Standard. Bryan Sartin, Managing Principal of CyberTrust in Herndon, VA, emphasizes how important it is for merchants to know where sensitive customer data (such as cardholder information) is stored and who has access to it. “Companies need to have a data retention plan and a data control policy in place.” He also makes a very significant assertion: “There’s no record of any merchant being compromised who’s PCI compliant.”
As one who has been through the PCI certification process, I find it comforting to know that no PCI compliant company has been hacked. However, the real key is that PCI compliance is NOT a one-time event: it dictates a constant, methodical process to ensure that data is always secure.