Infosec: Missing Laptops Lose Over A Billion Euros

A European survey on the economic costs of almost 73,000 lost or stolen laptops puts the bill into billions

The Ponemon Institute surveyed 275 European organisations in its latest lost laptop report to determine the economic consequences of having a laptop lost or stolen.

Participating businesses admitted to losing almost 73,000 laptops during a 12-month period for a total economic impact of €1.29 billion (£1.14 billion), according to the The Billion Euro Lost Laptop Problem report. The researchers calculated that, on average, each laptop lost amassed costs of about €35,284 (£31,108) in 2010.

Economic impact included the cost of replacing the physical laptop, lost productivity, legal, regulatory and consulting expenses and costs related to detection, forensics and data breach. The replacement cost of the device was actually the smallest component, the researchers said.

Plugging The Security Holes

Last month, oil giant British Petroleum announced that an employee had lost a company-issued laptop during regular business travel. The computer, which was not encrypted, contained sensitive information on 13,000 individuals who had filed compensation claims after the disastrous April 2010 fire and oil spill at the Deepwater Horizon drilling platform in the Gulf of Mexico.

Based on figures from a recent Ponemon report calculating the costs of a data breach, this one laptop incident alone could cost BP in the neighbourhood of $2.78 million (£1.68 million).

This latest report included both lost and stolen laptops. The majority of the misplaced devices, at about 61 percent, were lost, the respondents said, and 14 percent were “likely” to have been stolen.

The European study complemented the earlier Ponemon Institute’s December study which surveyed 329 organisations in the United States about laptop loss. Respondents lost more than 86,000 laptops over the course of a year, according to The Billion Dollar Lost Laptop Study. The report valued the total cost at $2.1 billion (£1.3 billion) at the time.

When the resulting losses from the European study are combined with the US one, the total damages balloon to $3.9 billion (£2.4 billion) across almost 160,000 lost laptops in the space of one year, Patrick Ward wrote on an Intel blog.

While 42 percent of laptops were lost off-site, 32 percent were lost while in transit, according to the European study. Researchers found that while laptops were more likely to be lost off-site, such as at home, in a hotel or a conference, laptop theft tended to occur in-transit, such as at an airport or on the train. This pattern was also found in the US study.

Only 34 percent of lost laptops were encrypted, 26 percent were backed up regularly, and seven percent had other anti-theft features enabled, according to the European report.

There were other similar trends in the European and US studies. Both reports found that roughly 30 percent of the lost laptops contained confidential data that was not encrypted. In this case, confidential data referred to either personal identifying information or intellectual property.

Mobile Workforces Increase Vulnerability

In the European report, two industry segments, education and research and health and pharmaceutical, experienced the highest rate of laptop loss and consumer goods had the lowest. The researchers speculated the segments with a highly mobile workforce was the most vulnerable. The same industry sectors were highlighted in the US report, but financial services had the lowest loss rate.

Researchers recommended that organisations use anti-theft and data protection measures to secure the data in case of loss. “Based on the costly consequences of lost laptops, the business case can be made for allocating the necessary resources to stop the loss and protect the data,” the researchers wrote.

Employees should also be trained on keeping laptops safe and the focus should be on what to do when they are not in the office, as most losses happen off-site. Companies with 5,000 to 25,000 employees also experienced the highest rate of laptop loss, according to both studies. Companies with less than 1,000 employees had the lowest rates.

The European study surveyed organisations in the United Kingdom, France, Germany, the Netherlands, Belgium, Italy, Sweden and Spain. The three largest industry sectors represented in the study were government, financial and industrial.