According to Ponemon, the average cost of a data breach to an organization in 2011 was $5.5 million -- that's actually down by almost 25 percent from last year, and the lowest cost per record lost since 2007.
The reason for this seeming good news isn't all that good, however. It seems that businesses lost fewer customers as a result of data breaches, in part because people "are maybe becoming a little numb" to the news, says Dr. Larry Ponemon, head of the institute that bears his name. Quoth the good doctor:
"Maybe most of us by now have received one if not more [data breach] notifications. Over time, if you don't become a data breach victim as a result of the event, it begins to lose its impact. These notifications are becoming almost ubiquitous. It's hard to determine which ones I should care about."
Glass half-empty, glass half-full, or glass with a crack in the bottom where the data leaks out all over the floor -- take your pick.
Throw out the series of attacks on Sony's online networks -- where something like 100 million records were breached, or nearly all of the thefts attributable to the hacktivistas -- though, and the Verizon numbers start to come a lot closer to Ponemon's.
Unless you paint a big bull's-eye on your back by doing something stupid and/or angering the unwashed hacking masses, you're probably not going to get the attention of the Anons. For most organizations, the boogie man is still themselves.
Who's the biggest threat to your data: hackers or insiders? Issue your warnings below or email me: firstname.lastname@example.org.
This article, "Will the real security threat please stand up?," was originally published at InfoWorld.com. Follow the crazy twists and turns of the tech industry with Robert X. Cringely's Notes from the Field blog, and subscribe to Cringely's Notes from the Underground newsletter.