Forbes Magazine: The $100 Billion Problem No One Is Talking About

Originally posted on Forbes.com

Kevin West is CEO of K logix, a data security software company.

When we start to talk losses in hundred of billions of dollars, it’s easy for our eyes to glaze over. It’s a big number. Hundreds of billions is reserved for things like out-of-control healthcare costs. But healthcare gets plenty of attention from government, private corporations and consumers. You know what else will cost the United States hundreds of billions of dollars by 2018? Data loss.

In fact, if data loss continues on its current trends, it will cost the U.S. economy $290 billion by 2018. This equates to 1.6% of  GDP. The 2010 U.S. budget allocated $290 billion to Medicaid – that’s a topic that gets plenty of attention. But the $290 billion problem of data protection is largely ignored, even by those most effected by it – U.S. corporate executives.

Think I am overestimating the growing problem of data security? Here are a few current trends that nearly guarantee data protection costs will continue to spiral out of control.

  • Intellectual Property in Foreign Hands: Globalization has had a dramatic impact on our intellectual property. International threats to data come from two primary sources – the offshore outsourcers we contract with for product development who can then make bootlegged or pirated copies of our products; and malicious cyber attacks by organizations and governments in China, Russia and other locations. According to the BBC, Robert Bryant, a U.S. national counter-intelligence executive, told reporters that online spying was a ‘menace’ to our economy.
  • Cyber Security Training: The nation’s premier universities and colleges continue to put grants, funds and educational emphasis on healthcare, engineering, pharmaceuticals and finance, with little attention to training the brightest minds in how to protect the important information our innovative and skilled labor force creates. While data security analyst is a fast growing job category, according to a 2011 Robert Half study, there is little formal training offered in the subject of cyber security. As a result we rely on self-taught hackers to fill these jobs, people who choose to use their talents to do good work with corporations, but could just as easily turn to cyber crime.
  • ‘Bring Your Own Device’ Policies in the Workplace: Many companies are moving to a ‘bring your own device’ policy that allows employees to choose which smartphone, tablet or even laptop they use.  Whether a formal policy is in place or not, most companies can assume their employees are using personal devices to access company data. A September 2011 Forrester Research report showed that 48% of information workers bought smart phones to use for work purposes without considering the requirements and policies of their IT department.  Without control of the device it is difficult to ensure they are locked down. If you do not own the device, who owns the data on it when your relationship with the employee ends?

What Can You Do to Buck the Trend?

  • Make this National Problem Personal: Most executives are singularly focused on the revenue and performance of their own organizations. They don’t have the time nor the inclination to focus on national trends, so we need to examine the impact these numbers have on individual corporations. How much revenue will you lose as a result of data breaches by 2018? The average company can expect to lose 1.6% of revenue each year. That means a $500 million company can expect to lose $8 million right off the top line. Ask your CEO and CFO if investors will accept an$ 8 million loss on the company balance sheet.
  • Make Data Security a Competitive Advantage: According to a recent PwC Health Research Institute online survey of 1,000 consumers, if cost, quality, and access were equal among choices, a third of those consumers would be swayed to select one hospital over another if one had clearer privacy and security policies. No smart executive will turn a blinds eye to acquiring 33% of a competitor’s market share.

Wondering how to prove your data security efforts are just average (and thus at risk)? To start, ask your team these simple questions.

  • Do you have a procedure in place for action following a cyber attack?
  • Are you certain your employees do not send intellectual property or private data over any Internet channel, including Gmail and Facebook?
  • Are you certain all corporate access is shut down once a consultant leaves your organization?
  • Do you understand the security policies of your off shore providers?

If you answered “no” to any of these questions, then you are likely exposed to significant revenue loss.

    Subscribe

    Stay up to date with cyber security trends and more