The current economic climate dictates that businesses must eliminate all unnecessary spending. Cost-cutting is typically accomplished in one of two ways: by reducing quality or by getting the most out of a business’ investment.

Reducing quality in this scenario tends to include postponing or dramatically cutting back on investments in compliance and data security projects, but this is false economy. Managing a data breach is always a significantly more expensive proposition than preventing one.  Security spend figures produced by government and private research firms indicate that enterprises can put strong security into place for less than 10% of the average cost of a breach.

Expenditures associated with a major data breach include:

• Cost of detection and determination of response
• Cost of down time
• Cost of customer remediation
• Cost of corporate remediation
• Cost of brand impact and lost business
• Cost of fraudulent use of data and associated fines

As is typical during difficult times when people are out of work, angry about losing their jobs and/or frantically scrambling to meet their own financial obligations, attacks against data are on the rise. The “2009 Verizon Business Data Breach Investigations Report” indicates that data attacks began spiking in 2008, as the economy began its dramatic crash, with data attacks exposing more records than in the previous four years combined. The study also found that nine out of 10 breaches would have been avoidable if the right security protections had been in place.

Rather than skimping on security and compliance efforts its far better to implement a risk-adjusted data protection plan centered on an organization’s unique data risk factors. Risk-adjusted data security enables an enterprise to devote their budget and efforts where they matter most and achieve exactly the right balance between cost and security.

For a detailed explanation of how to implement a risk-adjusted data security plan, you can download Developing, Deploying and Managing a Risk-Adjusted Data Security Plan: A Cost-Effective Approach to Holistic Data Protection.

Here’s a brief overview of how it works:

• Develop a risk profile of all collected and stored data. Data that is resalable for a profit — financial, personally identifiable and competitive IP information — is high-risk data; classify other types of data according to its value to your organization and the cost of potential exposure.
• Map the data flow to determine where data resides in your organization.
• Conduct an end-to-end risk analysis on the entire environment to identify points where data might be exposed.
• Compare these findings with current favored data attack vectors (at the moment, web services, databases and data-in-transit) to identify the highest risk areas in the enterprise ecosystem. High risk data residing in places where many people can/could access it is obviously data that needs the strongest possible protection.
• Develop a staged plan to secure data according to its risk level. After high-risk, critical data is properly protected move onto securing less sensitive assets.

Download our White Paper at http://protegrity.com/whitepapers