Intelligence In Software: IT Software Strategy
The Billion Dollar Lost Laptop Problem
By The editors of Intelligence in Software for Intelligence In Software
Every time a business laptop is lost or stolen, an organization takes a direct cost hit. But how much of a hit might surprise you. What would your organization do if it realized that each year it’s losing millions of dollars in this way? Odds are, it would be far more diligent in protecting laptops. Last year, the Ponemon Institute released a study (conducted independently and sponsored by Intel) of The Billion Dollar Lost Laptop Problem, an independent benchmark of 329 private and public-sector U.S. organizations — ranging in size from less than 1,000 to greater than 75,000 employees and representing more than 12 industry sectors — to determine the economic cost of lost or stolen laptops. What they found: The cost is huge. Participating organizations reported that in a 12-month period 86,455 laptops were lost or otherwise went missing. That added up to 263 laptops per organization on average. According to an earlier Ponemon Institute study (conducted independently and sponsored by Intel), The Cost of a Lost Laptop, the average value of a lost laptop is a staggering $49,246. This value is based on seven cost components: replacement cost, detection, forensics, data breach, lost intellectual property costs, lost productivity and legal, consulting and regulatory expenses. It’s important to point out that the smallest cost component is the replacement cost of the laptop. Some of the salient findings from The Billion Dollar Lost Laptop Problem report:
- The total economic impact for 329 participating companies is $2.1 billion, or on average $6.4 million per organization.
- Out of the 263 laptops per organization that are lost or go missing, on average just 12 laptops were recovered.
- Forty-three percent of laptops were lost off-site (working from a home office or hotel room); 33 percent lost in transit or travel; and 12 percent were lost in the workplace.
- Twelve percent of organizations said they don’t know where employees or contractors lose their laptops.
- Although 46 percent of the lost systems contained confidential data, 30 percent of laptops lost had disc encryption, 29 percent had backup, and just 10 percent had other anti-theft features.
- Industries that experience the highest rate of laptop loss are education and research; health and pharmaceuticals were next, followed by the public sector. Financial services firms had the lowest loss rate.
- Laptops with the most sensitive and confidential data are the most likely to be stolen. However, these laptops are also more likely to have disc encryption.
- Average loss ratio over the laptop’s useful life is 7.12 percent. That means more than 7 percent of all assigned laptops in benchmarked companies will be lost or stolen.
But Who’s Minding the Data? Not nearly enough organizations, it appears. Given the significant financial impact of missing laptops and the vulnerabilities of stolen laptop data, it is astonishing that the majority of these companies aren’t taking even basic precautions to protect them. The worst cost component is the data breach. A stolen laptop can be easily booted to reveal passwords, stored temporary files the user was even unaware of, and access to VPN connections, remote desktops, wireless encryption keys and more. That’s enough reason to do something. Here are your best options for protecting your organization’s data integrity against all of that potential mayhem.
- Full Disk Encryption: Full disk encryption prevents unauthorized access to data storage. Under this scenario, nearly everything is encrypted, and the decision of which individual files to encrypt is not left up to users’ discretion. But all too often, end users choose to disable the full disk encryption, probably because they incorrectly assume it significantly slows all of the processing.
- Anti-Theft Technology: Laptops can disable themselves, when the hardware observes suspicious activity, if they get lost or stolen. When the laptop is recovered, it can be easily reactivated and returned to normal operation.
- Data in the Cloud: Keeping sensitive material off your laptop by storing data in the cloud is not a viable solution, because that does nothing to protect the data. Such data is easily accessible by simply cracking the login credentials. Worse yet, the existence of a full backup actually increases the cost of a lost laptop, because backups make it easier to confirm the loss of sensitive or confidential data, resulting in greater expense from forensic diagnosis and recovery efforts.
Just like Smokey the Bear says about you and forest fires, only you can stop data loss.