Security holes that’ll keep you up at night: Doing some data breach math

Posted on February 28, 2012 by Tim Burke

Over the last few weeks, I’ve taken a look at what you can do to boost your organization’s IT security. But it occurs to me that maybe I’ve put the cart before the horse. So I’m going to spend the next few weeks delving into the sort of threats your business’s IT infrastructure faces.

And I’m going to start with data breaches and the most recent big-headline example: Zappos (parent company is Amazon.com), which last month admitted it suffered a data breach that compromised 24 million customer accounts.

Here’s some perspective on what 24 million breached data records actually means:

According to a 2010 Ponemon Institute/Symantec study, the average cost of a data breach stood at $214 per record. Keep in mind that this number comes from what’s now well-aged research. Data breach costs climb every year. In 2010, for instance, the average cost of a data breach stood 9% higher than in 2009 — and the cost of a 2010 malicious data breach jumped 48% over 2009.

But hey, let’s stay conservative when we contemplate what that January data breach might cost Zappos. Let’s use the Ponemon Institute/Symantec study 2010 per record average cost of $214 (rather than the $235-255 or more that’s probably closer to the truth) and do the math:

$214 x 24,000,000 = $5,136,000,000.

Ouch.