Storage

12:32 PM
Connect Directly
RSS
E-Mail
50%
50%

Data Breach Notification Laws Influence Storage Location Decisions

McAfee and SAIC study finds that about 70% of organizations that store sensitive data abroad choose to do so in countries with lenient breach notification requirements.

10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches
Many companies that look to process and store sensitive data -- including intellectual property -- abroad as a cost-cutting measure are seeking countries with minimal data breach notification requirements, according to a survey of 1,000 senior IT decision makers by market research firm Vanson Bourne. The survey was sponsored by Intel's McAfee and Science Applications International Corporation (SAIC).

The economic downturn has been driving companies to process and store more types of sensitive information abroad, according to the survey. Today, about 50% of organizations said they would do this as a cost-cutting measure. Meanwhile, about 33% of organizations said they want to store more sensitive information outside their home borders, which is an increase from 20% in 2008.

Interestingly, about 80% of organizations said that their choice of data storage locale is influenced in part by a country's data breach laws. About 70% of organizations that do store information abroad select countries with more lenient notification rules.

Geographically speaking, which countries are the safest for storing data? "While attacks are hard to trace back to a specific country, China, Russia, Pakistan are perceived to be the least safe for data storage," according to a related report from McAfee and SAIC. Those rankings remain unchanged from 2008, as do the countries perceived to be the safest places for storing data: the United Kingdom, Germany, and the United States.

When it comes to companies that have experienced data breaches, 30% of organizations said they report all breaches, 60% pick and choose, and 10% admit that they only report a data breach when legally obligated to do so. The average cost of a breach, according to the report, exceeds $1.2 million, which is up significantly from 2008, when it was $700,000.

After a breach, many organizations fail to establish who was involved and what exactly was stolen. According to the report, "only a quarter of organizations conduct forensic analysis of a breach or loss, and only half take steps to remediate and protect systems for the future after a breach or attempted breach." Half of organizations said they've stopped investigations, at least once, because of the projected cost.

According to the report, the biggest threat to intellectual property remains insiders who leak information, whether unintentionally or otherwise. "Employees' adherence -- or lack thereof -- to security procedures is considered to be the greatest challenge to organizations' information security," said the report. "This ranked higher than other challenges, including multiple systems within the organization or the insecurity of supply chain partner systems."

Comment  | 
Print  | 
More Insights
Cartoon
Slideshows
Audio Interviews
Archived Audio Interviews
Jeremy Schulman, founder of Schprockits, a network automation startup operating in stealth mode, joins us to explore whether networking professionals all need to learn programming in order to remain employed.
White Papers
Register for Network Computing Newsletters
Current Issue
Video
Twitter Feed