Metrics That Matter: Data Loss

It is estimated that data loss costs U.S. businesses average $12-418 billion per year and, on average, each hour of downtime costs $50,000. The average cost to re-enter 20 megabytes of data is between $17,000 and $19,000 and takes between 19 and 21 days[i]. The cost to recreate data from scratch is estimated to be between $2000 and $8000 per megabyte[ii]. A data loss event can be catastrophic occurrence; 60% of companies that lose their data close within 6 months of the event and 72% fail within 24 months[iii].

The leading causes of data loss are: hardware or system malfunctions (40-44%), human error (29-32%), software corruption (13-14%), computer viruses (6-7%), theft or data breach (9%), hardware destruction or natural disasters (3%)[iv]. The leading causes of data theft are: attacks from external sources (73%), theft by business partners (39%), and attacks from internal sources (18%)[v]. It estimated that: 1 in 5 computers will suffer a fatal hard drive crash within its lifespan, 15% of laptops are stolen or lost (approximately 2000 per day), and, on average, a hard drive fails every 15 seconds[vi].

Based on trend data, annual data loss rates will continue to rise due to (1) the increased reliance on laptops as there are more likely to suffer damage/malfunction losses and (2) more data being stored. Conservative estimates place the U.S. data growth rate at 80% per year[vii].

So, to answer Carolyn Elefant’s comment to LPM Tools: Metrics That Matter, it is not only that potential breaches are possible; it is that the danger of data loss is fairly likely and can be extraordinarily costly. That’s the bad news. The good news is that the risk can be easily mitigated by investing in technology that reduces the possibility of data loss. The simplest measures are to use anti-virus software, backup systems, laptop tracking systems like LoJack, and to password protect computer systems. More complex measures would be to make use of data mirroring (RAID-1) drives and hot-swappable disk systems (RAID-5).

While there is not a single source for data loss analysis, Data breach analysis is provided by US-CERT website and the Open Security Foundation.

See also:


[i] Ontrack – 2001 Cost of Downtime Survey Results, 2001

[ii] Ontrack – 2001 Cost of Downtime Survey Results, 2001

[iii] National Archives & Records Administration in Washington

[iv] Ontrack – 2001 Cost of Downtime Survey Results, 2001 and The Safeware Insurance Agency – 2000 Safeware Loss Study

[v] Verizon Business Risk Team – 2008 Data Breach Investigations Report

[vi] Ontrack – 2001 Cost of Downtime Survey Results, 2001

[vii] Jon Toigo, Storage Disaster: Will You Recover