In the GRC this week, Symantec and the Ponemon Institute have put a figure on how much data breaches are costing companies and offer an online tool for calculating your risk, OpenLogic is worried about software compliance in Android and iPhone/iPad releases, Kroll opens a document review center, while McAfee opens a data storage center with added security in the UK.

Data Breach Costs Rising

If you’ve been trying to quantify just how much a data breach could cost, then Symantec (news, site) and the Ponemon Institute (news, site) have done just that, with this year’s version of the 2010 Annual Study: U.S. Cost of a Data Breach report.

And it’s all bad news for those who still refuse to believe that this is a problem. The report shows that data breaches grew more costly for the fifth year in a row, with the average organizational cost of a data breach rising to US$ 7.2 million, an average of US$ 214 per compromised record.

No surprise that this is markedly higher than the US$ 204 per record recorded in 2009. The study also found that, for the second straight year, organizations’ need to respond rapidly to data breaches drove the associated costs higher.

The sixth annual Ponemon Cost of a Data Breach report is based on the actual data breach experiences of 51 U.S. companies from 15 industry sectors. Findings from the study include:

  • Companies that responded rapidly to data breaches paid 54% more per record than companies that moved more slowly.
  • 43% of companies notified victims within one month of discovering the breach, up seven points from 2009. In 2010, these quick responders had a per-record cost of US$ 268, up 22% from 2009; companies that took longer paid US$ 174 per record, down 11%.
  • Malicious or criminal attacks are the most expensive and are on the rise. In this year’s study, 31% of all cases involved a malicious or criminal act, up seven points from 2009, and these cases averaged US$ 318 per record, up 43% from 2009.

Companies can analyze their own risk by visiting Symantec's Data Breach Risk Calculator. Based on six years of trend data, the calculator takes into account an organization's size, industry, location and security practices to estimate how much a data breach would cost on both a per-record and organizational basis. Check out the calculator here. You will also find the report on the Symantec site.

OpenLogic Assesses Software Compliance

More research, this time from OpenLogic (news, site) about iPhone and Android compliance breaches. According to OpenLogic’s scan and license compliance assessment of 635 mobile applications, 71% of Android, iPhone and iPad apps containing open source code failed to comply with basic open source license requirements.

Using its scanner, OSS Deep Discovery, OpenLogic scanned compiled binaries, and source code where available, for the applications to identify open source under GPL, LGPL and Apache licenses.

For the 66 applications scanned that contained Apache or GPL/LGPL licensed code, 71% failed to comply with the four key obligations that OpenLogic analyzed.

Put another way, among the applications that use Apache or GPL/LGPL licensed code, the compliance rate was only 29%: Android compliance was 27% and iPhone/iOS compliance was 32%. Overall compliance of Android applications using GPL/LGPL code was 0%.

McAfee’s Secure Data Center

You may recall that, last week, McAfee and Intel announced that they had closed the deal that would see Intel (news, site) picking up McAfee (news, site). Clearly a change of ownership was not going to stop business as usual, which was underlined this week by the announcement that McAfee has opened its fifth cloud data center in the past 12 months.

The newest data center, located in London, expands McAfee’s global cloud security footprint, which already includes centers in Amsterdam, Sydney, Tokyo and cities across North America.

While this is good for McAfee, it is also good for enterprise users, as it will make migration to the cloud easier and, more important for many, more secure. In this respect, McAfee recently attained ISO 27001 (information security management) certification for the operations of its email and web services. Undoubtedly there will be a lot more on this in the coming year.

Kroll’s Doc Review Center

Meanwhile, information management vendor Kroll Ontrack (news, site) has announced the launch of a document review facility in Dallas. The latest addition to the Kroll Ontrack network of document review facilities throughout the United States, the Dallas review center aims to help both law firms and corporations more efficiently and defensibly manage document reviews.

In addition to providing local document review managers, staff and expert tools and processes, Kroll Ontrack acts as a single service provider throughout the entire discovery process, simplifying the transition from processing to document review and finally to production.

In fact, Kroll says that by using its review center, users can cut their document review costs by as much as 50% by eliminating the time associated with contracting an additional third party and the errors commonly associated with transitioning review data.

Kroll Ontrack also manages project timelines, budget constraints and production obligations. This includes designing and implementing the document review procedures that best suit each case, as well as daily communications, status logs and productivity reports throughout the review.

With e-Discovery costs rocketing, it’s a certainty that we’ll be seeing a lot more of these kinds of things in the near future. Watch this space.