Do you feel luck kid, well do you?

How likely is your firm to lose, or have stolen, sensitive data that will harm the reputation and brand of the firm, and result in financial consequences for the organization? 

Based on recent IT PCG benchmarks conducted with 903 firms and 834 recent records maintained by Attrition.org, you are going to be unlucky, more frequently (Figure 1).

Figure 1: Likelihood of data loss or theft among small and midsize businesses

Source: IT Policy Compliance Group, 2007

Some small and midsized businesses experience thefts or losses of sensitive data more often while others are blissfully worry-free  For example, some $100 million organizations are losing sensitive data once every seven years.  By comparison, other $100 million firms are delaying the onset of data loss and theft to once every fifty-five years.

Guidance recommendations

The cost of data loss and theft includes litigation settlements, lowered profits, declines in market capitalization, shareholder dissatisfaction, customer defections and revenue declines.  In short, losing data directly affects more than the brand: it impacts the bottom line and competitive advantage of the firm.

Prudence dictates that you should:

·       Measure the effectiveness of procedural and technical controls at least monthly

·       Keep control objectives focused on critical data

·       Educate the workforce and foster compliance

© IT Policy Compliance Group, 2007