Lost or stolen laptops cost corporations $2.1 billion a year, according to a study of 329 companies. The loss per company is $6.4 million per year.
Security experts say that represents a huge risk for corporations that their lost data will fall into the wrong hands. Wikileaks’ publication of state secrets has demonstrated what can happen when the government loses control of its data. That should be a wake-up call for corporations, who are also extremely vulnerable given loss rates.
Collectively, the companies studied said their employees lost more than 86,000 laptops during one year alone. The study by Intel and the Ponemon Institute showed that the cost per laptop was $49,246, a number that includes the cost of replacements and investigations related to the loss. The losses also include costs related to lost intellectual property, reduced productivity and legal and regulatory charges.
In a three-year span, the chance that a laptop will be lost or stolen is 5 to 10 percent. About 25 percent of lost laptops are due to theft, and another 15 percent are likely lost to theft. Some 60 percent are simply missing.
Those numbers are staggering. Intel clearly wants to do something about this, as it acquired security vendor McAfee for $7.68 billion earlier this year.
While encryption of the laptop’s hard disk is an easy solution, many employees avoid it because of perceived cost, which is fairly minimal, and the belief that it would slow down the laptop. While it does slow the computer’s boot time by seconds, the slowdown isn’t that noticeable given the advanced state of encryption today, said Malcolm Harkins, Intel chief information security officer.
“We have such an easy fix that can reduce a ton of risk,” said Kevin Beaver, an independent security consultant and author of Hacking for Dummies, on a panel today held by Intel.
The percentage of losses is highest in the education and research arena, where 10.8 percent of all laptops are lost or stolen during a three-year period. For health and pharmaceutical companies, the number is 10.1 percent. The public sector is 9.1 percent, while technology and software is 5.7 percent and financial services is 5.2 percent.
“My advice is, be careful about your data and use technologies to protect your data as well,” said Anand Pashupathy, general manager of anti-theft services at Intel. “You’d be amazed at how many companies do not have encryption.”
About 46 percent of lost laptops were reported to contain sensitive or confidential data. But only 30 percent were encrypted, 29 percent were backed up, and 10 percent had some kind of anti-theft feature such as Lojack, which can track a lost laptop and disable it remotely.
About 33 percent of laptops are lost during travel. Some 43 percent are lost off-site. About 12 percent are lost at work, and 12 percent are lost in unknown locations. The largest number are lost in transit.
The problem has been around for a while, but it’s a tough one to solve.
“There’s a huge gap between security employees and senior leadership,” said Larry Ponemon, co-author of the study.
Employees are also pretty absent-minded. One employee lost 11 laptops in two years. In the case of Wikileaks, an Army private with computer skills is suspected of leaking critical documents about the wars in Iraq and Afghanistan as well as secret U.S. diplomatic cables. A video about the study is below.