Showing posts with label Ponemon Institute. Show all posts

Thursday, April 28, 2011

85% of Consumers Believe Online Fraud is a Growing Concern: ThreatMetrix


Research Study: 

Information Consumers Will Allow a Trusted Online Business to Check
Only 12% of Consumers Stated They Think Companies are Getting Better at Protecting Their Personal Information Online
LOS ALTOS, CA – April 26, 2011 – ThreatMetrix™, the fastest growing provider of cloud-based fraud prevention solutions that do not require personally identifiable information (PII), today announced some results of a joint study with the Ponemon Institute that reveals consumers’ growing concern over online fraud. The research, which surveyed consumers on their awareness and confidence in online fraud prevention, was compiled in a report, “Consumers’ Reaction to Online Fraud.”
Results showed that 85% of survey respondents reported being worried and dissatisfied with the level of protection online businesses are providing to stop fraudsters today, which is up 5% from a 2009 Ponemon study that asked the same question. Forty-two percent of respondents, in fact, said they have been the victim of online fraud. Of those, however, 80% said they did not report the crime, and 19% said they reported it only to the online business directly.
“A lot of fraudulent activity goes unreported today, making it difficult for online businesses to fully understand the prominence and seriousness of the problem,” said Reed Taussig, president and CEO, ThreatMetrix. “With a rise in online transactions and activities across devices, more needs to be done to educate online merchants, banks, social outlets and other businesses on how to decrease fraudulent activity.”
What Online Businesses Can Do to Combat Fraud
The survey respondents who expressed concern over online fraud said they felt online merchants, banks and social networks need to take additional steps to prevent fraudsters from stealing consumer information.
Nearly three in four respondents would allow a trusted online business to place an invisible cookie on their computer to automatically authenticate them, and 82% indicated that they would expect an online business to offer alternative authentication methods if they were unable to match the consumer’s digital fingerprint to their security system.
“Our survey results help validate the need and consumer preference for technology, such as device identification, to authenticate identity as opposed to using personally identifiable information,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “Consumers expressed much more willingness to share data like ISP, computer serial number, type and make, rather than information like date of birth and telephone number.”
Information Consumers are Willing to Allow a Trusted Online Business to Check to Verify Their Identity, or Digitally Fingerprint Their Computer:
1. Serial number of computer 88%
2. Type and make of your computer 83%
3. Internet service provider 76%
4. Browser settings 71%
5. Type of browser 65%
6. IP address 59%
7. Types of software applications residing on your device 54%
8. Email address 46%
9. Purchase history 39%
10. Planned future purchases 35%
11. Date of birth 34%
12. Telephone number 17%
13. Home address 16%
14. Name 14%
15. Zip code 9%
16. Social Security number 4%
17. Driver’s license number 2%
Consumer Sentiment Around Promotion of Fraud Detection Technology
Based on survey findings, consumers have a positive perception about companies that use authentication and fraud detection tools to prevent online fraud. Fifty-six percent of consumers even indicated they are ‘more willing’ to shop or browse an online business if they know that company is taking specific measures toward combating fraud. However, the majority of respondents stated a preference for companies to share information about their device for authentication purposes — as opposed to sharing personal information to verify their identity.
“Some e-tailers today are promoting ‘anti-virus’ or ‘secure transaction’ messaging online, when they should also be touting ‘anti-fraud’ messages as well,” said Taussig.
The research also looked at consumer sentiment about fraud prevention across the banking, social media and Web 2.0 industries and mobile channel. For more information about the findings, download a copy of the report at http://info.threatmetrix.com/ConsumerSurveyOnlineFraud2011.html.
The Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries. For more information, visit www.ponemon.org.
ThreatMetrix helps companies stop web fraud and accelerate e-commerce in real-time so they can significantly reduce online fraud, acquire more customers faster, reduce costs, and increase customer satisfaction. The ThreatMetrix Cloud-Based Fraud Prevention Platform, incorporating ThreatMetrix SmartID cookieless device identification, provides online businesses with the ability to protect themselves and their customers by verifying new accounts, authorizing payments and transactions and authenticating user logins in real-time. Online businesses can deploy the ThreatMetrix Cloud-based Fraud Prevention Platform, which does not rely on personally identifiable information (PII), for traditional online activity via a personal computer as well as for mobile and tablet devices. The company serves a rapidly growing customer base around the world across a variety of industries including social networks (dating, gaming), financial services, e-commerce, affiliate marketing and payments. For more information, visit www.threatmetrix.com or call 1-650-625-1451.
© 2011 ThreatMetrix. All rights reserved. ThreatMetrix, the ThreatMetrix Cloud-Based Fraud Prevention Platform, ThreatMetrix SmartID, ThreatMetrix ExactID, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.
Media Contacts:
Dan Rampe
ThreatMetrix
Tel: 650-417-6122
Email: drampe@threatmetrix.com
Lauren Eichmann
Walker Sands Communications
Tel: 312-265-3089


Thursday, April 29, 2010

First-Ever Global Cost of a Data Breach Study Shows Organizations Paid $3.43 million per Breach in 2009









Press Release: First-Ever Global Cost of a Data Breach Study Shows Organisations Paid USD 3.43 million per Breach in 2009




U.S. corporations faced highest costs among world powers – existence of breach notification laws affected cost numbers country-to-country




InfoSecurity Europe, Earls Court, London /  April 2010 – Privacy and information management research firm Ponemon Institute, together with PGP Corporation, a global leader in trusted data protection, today announced the results of the first-ever global study into the costs incurred by organisations after experiencing a data breach. The 2009 Annual Study: Global Cost of a Data Breach report, compiled by The Ponemon Institute and sponsored by PGP Corporation, assesses the actual cost of activities resulting from more than one hundred real life breach incidents, affecting organisations from 18 different industry sectors.
The research shows that the average cost of a data breach globally stood at USD3.43 million last year, the equivalent of USD142 per compromised customer record. However, costs varied dramatically between regions, from USD204 per lost record in the U.S., down to USD98 per record in the UK. A total of 133 organisations, located in five countries – Australia, France, Germany, UK and U.S. – participated in the research, which was undertaken during 2009. The average costs of a data breach in all five countries were as follows:

| Country | Av. Cost per record (USD) | Av. Total cost of a breach (USD) |
|---|---|---|
| Australia | 114 | 1.83 million |
| France | 119 | 2.53 million |
| Germany | 177 | 3.44 million |
| UK | 98 | 2.57 million |
| U.S. | 204 | 6.75 million |
| Average | 142 | 3.43 million |

Breach notification laws and regulations significantly increase costs

The report shows that costs incurred in countries with data breach notification laws were significantly higher than in countries where no such legislation exists. For example, in the U.S., where 46 states have now introduced laws forcing organisations to publicly disclose the details of breach incidents, the cost per lost record was 43 percent higher than the global average. In Germany, where equivalent laws were passed July 2009, costs were second highest; 25 percent above the worldwide average. In Australia, France and the UK, where data breach notification laws have not yet been introduced, costs were all below the average.
“The over-arching conclusion from this study is the staggering impact that regulation has on escalating the cost of a data breach,” said Dr. Larry Ponemon, chairman and founder of The Ponemon Institute. “The U.S. figures are testament to this and it’s clear that, as and when breach notification laws are introduced across the rest of the world, other countries will follow the same pattern and costs will rise.”
In the UK, where only public sector and financial organisations currently face regulatory pressure to disclose breaches, costs were lowest: 45% below the global average, and equating to less than half the expense incurred by U.S. firms.
“It’s perhaps no surprise that, in the U.S., where data protection laws are both stringent and mature, the financial fallout of a breach is at its most severe; however, the relatively low levels of expense incurred by British firms may raise a few eyebrows,” commented Jonathan Armstrong, technology lawyer at Duane Morris. “With the UK Information Commissioner’s Office toughening its stance on data protection, imposing hefty fines and scrutinising more and more organisations, it will be interesting to see how steeply UK costs rise in the future.”
Lost business due to reduced customer trust is the greatest contributor to costs

Almost half (44 percent) of the incurred data loss expenses related to the cost of lost business, reflecting the added expense of consumer churn and the increased difficulty of attracting new customers in the wake of negative publicity. Again, costs varied dramatically between countries and were highest in the U.S., where the cost of lost business was on average equivalent to 66 percent of overall expenses.

| Country | % cost caused by lost business |
|---|---|
| Australia | 33% |
| France | 30% |
| Germany | 34% |
| UK | 46% |
| U.S. | 66% |
| Average | 44% |

"It doesn't matter where they're located, if a company gains a reputation for being careless with confidential data, the brand will suffer," said Phillip Dunkelberger, president and CEO of PGP Corporation. "Data is currency, it needs to be protected. Data breach notification laws mean consumers are informed; more countries around the world are looking to tighten their data protection legislation as they realize lost data means an increase in customer turnover."
Detection and escalation costs affected by compliance requirements

The costs of detecting and escalating a breach were particularly high in Germany (USD52 per lost record), reflecting the investment required in new technologies and processes in order to comply with the country’s recent notification legislation. In the U.S., where laws were first enforced in 2005, these costs were small by comparison (USD8) and have decreased over recent years, suggesting that American organisations have developed more efficient detection and escalation processes over time. French, Australian and UK firms should expect their costs to follow the same trend, initially rising in order to ensure compliance with emerging regulations and then declining once processes become more refined.

| Country | Cost of detection/escalation processes (USD) |
|---|---|
| Australia | 38 |
| France | 36 |
| Germany | 52 |
| UK | 18 |
| U.S. | 8 |
| Average | 31 |

Third party flubs and criminal attacks both drive up costs

When a third party was responsible for the data loss incident, costs rose in all countries, reflecting the additional forensics and investigations required to detect and remediate the breach. However, the financial impact of third party mistakes varied greatly across the world, causing costs to rise by just 12 percent in the U.S., up to a staggering 116 percent in France.

| Country | % of breaches caused by third party | % increase in cost |
|---|---|---|
| Australia | 31 | 39 |
| France | 41 | 116 |
| Germany | 27 | 31 |
| UK | 36 | 31 |
| U.S. | 42 | 12 |

Organisations suffering a data loss incident as a result of malicious or criminal activities also incurred higher costs, with French companies once again experiencing the greatest negative impact. With malicious attacks on the rise across all countries, and accounting for between 24 and 54 percent of incidents, organisations should take a more proactive approach to protecting their data from theft in order to reduce costs.

| Country | % of breaches caused by criminal attack | % increase in cost |
|---|---|---|
| Australia | 44 | 61 |
| France | 35 | 121 |
| Germany | 54 | 23 |
| UK | 24 | 25 |
| U.S. | 24 | 7 |

Strong CISO leadership helps costs fall

Where the organisation’s chief information security officer or equivalent took personal responsibility for managing the breach, costs fell in all five countries. However, CISO-managed events only occur in a minority of cases, with the majority of organisations either not employing a CISO, or not making them directly responsible for data breach incidents.

| Country | % of breaches managed by CISO | % reduction in cost |
|---|---|---|
| Australia | 44 | 3 |
| France | 41 | 12 |
| Germany | 36 | 45 |
| UK | 39 | 12 |
| U.S. | 40 | 33 |

“The positive news from this research is that, no matter where a company is based, or the laws they must abide by, senior level involvement from a CISO is proven to drive down overall data breach costs,” continued Dunkelberger. “Going forward, organisations would be well advised to create such a role if they want to minimise the fallout from a data breach.”
A copy of the study is available from PGP Corporation at: www.encryptionreports.com
About the Ponemon Institute

The Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.
About PGP Corporation

PGP Corporation is a global leader in email and data encryption software. Based on a unified key management and policy infrastructure, the PGP® Encryption Platform offers the broadest set of integrated applications for enterprise data security. PGP® platform-enabled applications allow organizations to meet current needs and expand as security requirements evolve for email, laptops, desktops, instant messaging, smartphones, network storage, file transfers, automated processes, and backups.
PGP® solutions are used by more than 110,000 enterprises, businesses, and governments worldwide, including 87 percent of the Fortune® 100, 73 percent of the Fortune® Global 100, 80 percent of the German DAX index, and 60 percent of the U.K. FTSE 100 Index. As a result, PGP Corporation has earned a global reputation for innovative, standards-based, and trusted solutions. PGP solutions help protect confidential information, secure customer data, achieve regulatory and audit compliance, and safeguard companies' brands and reputations. Contact PGP Corporation at www.pgp.com.


