I attended an eye-opening press briefing the other day where George Thangadurai, strategic planning director for Intel’s Anti-Theft Program, Ponemon Institute founder Larry Ponemon; and Rex Rountree, an encryption expert from Intel’s IT group disclosed details from a study that calculated the actual cost of losing or having notebook computer stolen, a rapidly growing problem. The basic message to the millions of us mobile workers was: Hang onto that laptop.
Chain it to you if you must because if it’s lost or stolen the bill to your company will be $49,264 on the average. The “Cost of a Lost Notebook,” study was commissioned by Intel and conducted by the Ponemon Institute. You can find an overview of the findings in the news release.
Intel undertook the study to better understand the problem and devise remedies that are simpler than handcuffing yourself to your notebook. In January, Intel introduced Anti-Theft Technology as one way to help make laptops less appealing to thieves. Anti-Theft Technology works by locking a computer reported lost or stolen either from a remote server or from policies embedded into the PC. Once locked, the computer is useless until recovered at which time IT can issue the owner a password to make it functional once again.
Intel works with computer makers and service providers, such as Absolute, Lenovo, PGP and Phoenix to implement Anti-Theft Technology. If used in conjunction with a hard-disk encryption service vendor, such as PGP, Anti-Theft Technology can house the encryption keys, which are normally stored on the hard disk, in the chipset. If the PC turns up missing, the keys can be deleted. So, even if a thief has the passwords to unencrypt the drive, they are useless and the data protected. If the thief removes the hard disk from a locked computer in hopes of installing it in another computer to gain access to the data, he leaves the keys locked behind But, back to the study.
That $50,000 cost, which I suspect has any CFO reading this clutching his chest, results, of course, from this potential compromise of data. In fact, responding to a data breach is responsible for about 80 percent of the cost, according to the study. The rest covers investigating the loss, the price tag for any lost intellectual property, legal expenses and making regulatory disclosures. Let’s also not forget the disruption to an employee whose entire job function likely hinges on his computer.
So, what can a company do? The study concludes that encryption helps. It knocks about $20,000 of the bill. Why doesn’t it eliminate all of the expense? Encryption depends on who has access to the encryption credentials to decipher the data. If they’ve somehow been compromised or you’re dealing with a disgruntled employee, then even the most elaborate cipher won’t help. It also depends on employees actually using the encryption features and on which data they encrypt.
So, in the end, cutting the cost of missing laptops requires a multifaceted blend of technology and practices. Rex added that training employees how to protect their notebooks goes a long way in cutting the risk as well.
After the briefing, I still had some questions and caught up with George, Larry and Rex for a chat. If you’d like to listen to the briefing, it’s available at 1-800-475-6701, conference ID# 997098.
Ever had a laptop stolen or have any thoughts on preventing theft? I’m sure everyone would be interested in your comments.