A recent independent study done by the Ponemon Institute and commissioned by Intel, found that lost or stolen laptops cost their corporate owners an average of $49,246. The Ponemon Institute analyzed 138 instances of lost or stolen laptops to better understand the problems and costs. The study found that sensitive data, rather than the cost of the computer itself, is the main factor that increases the costs of such an incident. The enormous price tag for the lost or stolen computer reflects costs associated with replacement, detection, forensics, data breach, lost intellectual property, lost productivity, and legal, consulting, and regulatory expenses.
Interestingly, the study shows that the faster a company learns of the missing computer, then the lower its costs. The average cost to the company if the laptop is discovered missing the same day is $8,950. If the company does not learn of the loss or theft for more than a week, that figure can be as high as $115,849. Also noteworthy is the study’s conclusion that encryption makes a big difference. On average, loss of an encrypted hard drive is valued at over $37,000, while a non-encrypted hard drive amounts to more than $56,000.
I think this is a fascinating study with a great deal of data that has not been previously available. It should prove useful to policymakers as they examine how to deal with data breach and security policy issues.