Lost Laptops Cost $1.8 Billion Per Year - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Lost Laptops Cost $1.8 Billion Per Year

Only one-third of missing laptops have full-disk encryption for preventing data breaches, finds Ponemon study of European firms.

In the past year, 275 businesses in Europe have lost a combined 72,000 laptops, costing those organizations a total of $1.8 billion. Of the 265 laptops lost by the average organization per year, a company will typically only recover 12.

Those findings come from a new study from Ponemon Institute, sponsored by Intel. The report provides an interesting comparison to a recent study of laptop loss in the United States, also conducted by Ponemon, which found that the problem led to losses of $2.1 billion for surveyed companies, or $6.4 million per business. In the U.S. study, 329 organizations surveyed lost more than 86,000 laptops over the course of a year.

While the estimated costs of losing a laptop might seem high, the laptop itself is the least expensive cost involved. Indeed, according to Ponemon, cleaning up the resulting data breach typically accounts for 80% of the cost estimate. Other costs include forensics, lost productivity, legal bills, regulatory expenses, and lost intellectual property.

In Europe, the riskiest places to lose a laptop appear to be anywhere away from the office. In particular, 42% were lost offsite, such as when working from a home office or hotel room, while 32% were lost in transit or when traveling. Still, a surprising number--13%--were lost in the workplace, and an equal percentage of companies didn't know where laptops went missing.

Patterns of laptop loss between the United States and Europe are very similar, according to a blog post from Intel's Patrick Ward. "Like the U.S., the education and research, and health and pharmaceutical industries in Europe experienced the highest rate of laptop loss," he said. "This is most likely due to the fact that both industries have similar characteristics like high mobility."

What might not be surprising in the wake of seemingly nonstop breaches involving laptops that store sensitive information in unencrypted format--such as BP losing a laptop in February that contained Gulf claimant data--is that 31% of lost laptops stored sensitive or confidential information in unencrypted format. Indeed, only 34% of lost laptops used disk encryption, while 7% used some other type of anti-theft feature. In terms of recovering data, only 26% of lost laptops had full-disk imaging backup, though obviously many organizations use other types of backup capabilities.

Laptops that store valuable information are the most likely to be stolen. On the flipside, the study also found that they're the most likely to have full-disk encryption. "Our results suggest companies experiencing a higher theft rate are more likely to use disk encryption as a safeguard," according to the study. "In addition, companies choosing disk encryption are likely to have employees who routinely carry sensitive or confidential data on their laptop computers."

Why do laptops containing unencrypted, sensitive information continue to get lost and stolen? "If I read about one more laptop stolen out of a car that has 10,000 people's information on it, including social security numbers, I'm going to scream--it's inexcusable," said Linda Foley, founder of the Identity Theft Resource Center. "Why in the world would a company allow a policy to be in place where they could find it acceptable that [personally identifiable information] would leave the premises? For what reason does that need to be on a portable computer that goes back and forth--or any mobile device?"

One technique for stopping laptop loss was broached at least as far back as 2003 in Corporate Counsel magazine. The chief privacy officer at a back-office processing company for medical records made workers pay out of pocket for the cost of a lost or stolen laptop. That led to a 50% reduction in laptop loss--as well as a sharp rise in the use of cable locks--for the nearly 40,000 employees who used laptops.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Becoming a Self-Taught Cybersecurity Pro
Jessica Davis, Senior Editor, Enterprise Apps,  6/9/2021
Ancestry's DevOps Strategy to Control Its CI/CD Pipeline
Joao-Pierre S. Ruth, Senior Writer,  6/4/2021
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
White Papers
Register for InformationWeek Newsletters
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll