
Article: Cost of a Lost Laptop White Paper

The Cost of a Lost Laptop

By Dr. Larry Ponemon April 22, 2009

Sponsored by Intel Corporation
Independently conducted by Ponemon Institute LLC
Publication: April 22, 2009

Ponemon Institute©

Executive Summary

An increasingly mobile workforce is putting corporations’ sensitive and confidential information at great risk. It is the information age, and employees are carrying more information on their laptops than ever before. These so-called power users of corporate data are losing their laptops at such diverse locations as airports, conferences, taxis, rental cars and hotels, to name just a few. With each lost laptop there is the risk that sensitive data about customers, employees and business operations will end up in the wrong hands.

The Cost of a Lost Laptop study, conducted by Ponemon Institute and sponsored by Intel Corporation, is the first benchmark study to estimate the full cost associated with a lost or stolen laptop. The benchmark analysis focuses on representative samples of organizations in the US that have experienced laptop loss or theft within the last 12-month period.

In total, the analysis covers 138 separate cases involving a lost laptop computer used by an employee, temporary employee or contractor. It is our belief that this study will help companies understand the financial implications when just one employee or contractor’s laptop is missing or stolen.

Among the study’s key findings:

  • The average value of a lost laptop is $49,246. This value is based on seven cost components: replacement cost, detection, forensics, data breach, lost intellectual property costs, lost productivity and legal, consulting and regulatory expenses.
  • What makes a lost laptop costly to a company is the potential for a data breach to occur. In the cases we studied, the occurrence of a data breach represents 80% of the cost.
  • The second highest cost component is attributed to intellectual property loss. When the cost of a data breach is removed, intellectual property loss represents 59% of the total cost.
  • The faster the company learns that a laptop is lost, the lower the average cost. If a company discovers the loss in the same day, the average cost is $8,950. If it takes more than one week, the average cost rises significantly to approximately $115,849.
  • Lost productivity is not a significant cost to companies. When employees have down time due to losing their laptops, it represents only 1% of the total cost.
  • While lost laptop costs appear to be correlated to position in an organization, the most senior level respondents do not experience the highest average cost. The average cost of a lost laptop for a senior executive is $28,449 and the highest average costs are for manager and director, $60,781 and $61,040 respectively.

Other important findings include:

  • There is an inverse relationship between the average cost of a lost laptop and the existence of a full backup. The average cost of a lost laptop with a full backup is $69,899 as opposed to $39,253 when there is no backup system. One plausible reason for this is that the backup makes it easier to confirm the loss of sensitive or confidential data. In other words, it could be the ignorance is bliss hypothesis.
  • Encryption makes a difference. There is almost a $20,000 difference between lost laptops that had encryption installed versus those that did not have encryption.
  • The cost of a lost laptop varies by industry. The average full cost of a lost laptop is highest for the services industry ($112,853), followed by financial services ($71,820), healthcare ($67,873) and pharmaceutical ($50,393). The industries with the lowest average cost per lost laptop are retail ($8,756), consumer products ($2,194) and manufacturing ($2,184).
  • The average data breach cost of a lost laptop also varies by industry. The highest average data breach cost is in the services industry ($108,699), followed by financial services ($68,862), healthcare ($43,547) and pharmaceutical ($42,027). The lowest average data breach cost is for government ($12,017), followed by retail ($3,620) and manufacturing ($44).
  • The average cost of lost intellectual property varies by industry. Technology has the highest cost ($18,205) followed by healthcare ($17,999) and communications ($17,818).

As more employees are provided laptops as their primary computer, the risk of a data breach due to a lost or stolen computer is increasing. Cost-effective enterprise anti-theft solutions are now available to secure data stored on laptops. These include poison pills, data recovery, audit trail and encryption.

This report enables organizations to understand in detail the specific costs involved in a lost laptop. This report can be used as a guideline to create cost estimates. These estimates may then be compared with the cost of technology to protect sensitive and confidential information on laptops.

Introduction

The Cost of a Lost Laptop study, conducted by Ponemon Institute and sponsored by Intel Corporation, is the first benchmark study to estimate the full cost associated with a lost or stolen laptop. It is our belief that this study will help companies understand the financial implications when just one employee or contractor’s laptop is missing or stolen. The benchmark analysis focuses on representative samples of 29 organizations in the US that have experienced laptop loss or theft within the last 12-month period.

Of the 29 participating organizations, healthcare represents 14%, while services and financial services both represent 13%. The primary collection channel for this research was in-person meetings and telephone interviews. No personal or business confidential data was collected and all work was conducted in accordance with CASRO standards.

Our benchmark focused on the cost measurement of physical equipment, lost productivity and lost or compromised information assets. We recruited a proprietary panel of organizations that shared confidential information for purposes of custom benchmarking. By design our instrument uses a fixed format template to ensure response objectivity and high accuracy.

Following are the most salient findings of this survey research. Please note that most of the results are displayed in bar chart format.

The average cost of a lost laptop is $49,246. This average value is extrapolated from actual case histories reported by participating companies. Only a small number of lost laptop cases result in material losses in excess of $200,000. There is a significant variation among the laptop loss cases with a range of $1,213 to $975,527.

To measure average lost laptop cost, we built a cost accounting framework that includes seven defined components or categories associated with laptop loss or theft. The framework is based on empirical observations by the researcher as well as direct input from a panel of privacy and information security experts. The cost components are defined as follows:

Cost 1 => Laptop replacement cost with software and corporate overhead allocated.

Cost 2 => Detection and escalation cost. This cost is based on the employee’s time spent trying to recover the laptop and reporting the incident.

Cost 3 => Forensics & investigation cost. This cost is based on the hours of IT employees who perform forensic analysis.

Cost 4 => Data breach cost. This cost was derived from Ponemon Institute’s Fourth Annual Cost of a Data Breach Study, which estimated that the average cost to companies that had a breach was $202 per record.

Cost 5 => Lost intellectual property costs. The survey asked respondents if the lost laptop contained intellectual property or other business information that was not encrypted. We then estimated the cost of intellectual property or other business confidential information and the probability that this information would be discovered by a competitor or other adverse party.

Cost 6 => Lost productivity cost was the downtime for the employee whose laptop was lost and was based on an estimated hourly rate x 2.5 to reflect organizational value of labor.

Cost 7 => Other legal, consulting or regulatory cost.

Table 1 provides the average cost for each of the seven components. As can be seen, data breach cost is the most significant component, followed by IP loss and laptop replacement.

Table 1

| Seven cost components | Average cost |
|---|---|
| Laptop replacement cost | $1,582 |
| Detection & escalation cost | $262 |
| Forensics & investigation cost | $814 |
| Data breach cost | $39,297 |
| Intellectual property loss | $5,871 |
| Lost productivity cost | $243 |
| Other legal or regulatory costs | $1,177 |
| Total | $49,246 |

Lost productivity is low for all industries. Because technology is the industry most dependent on laptops, the average employee productivity loss for this industry is the highest at $708. The next highest average cost due to lost productivity is education at $315, retail at $283 and pharmaceutical at $279.

The cost of tech support to perform forensic analysis varies according to industry. The average cost of tech support is highest for the communications industry at $1,735 followed by pharmaceutical at $1,490, technology at $1,331 and healthcare at $1,045.

Encryption makes a difference. When lost laptops have encryption, the average cost of the lost laptop is $37,443. If it is not encrypted, the average cost is $56,165. This is almost a $20,000 difference in the cost.

The existence of a full backup increases the average cost of the lost laptop. There is an inverse relationship between the average cost of a lost laptop and the existence of a full backup. The average cost of a lost laptop with a full backup is $69,899 as opposed to $39,253 when there is no backup system. One possible reason for this is that the backup makes it easier to confirm the loss of sensitive or confidential data. In other words, it could be the ignorance is bliss hypothesis.

Time to discover the occurrence of a lost laptop affects the average cost. The faster the company learns that a laptop is lost or stolen, the lower the average cost. If a company discovers the loss in the same day, the average cost is less than $9,000. If it takes more than one week, the average cost rises significantly to almost $116,000.

Implications for organizations

As more employees are provided laptops, the risk of a data breach due to a lost or stolen computer is increasing. The average cost of a lost laptop is highest when a data breach occurs. The study also reveals the following implications for companies and recommended practices for organizations.

Protection of the sensitive data on the computer is critical. Not surprisingly, lost or stolen laptops are costly to organizations. But it’s not the replacement cost that should have companies concerned. Rather, it is the data and the risk of a data breach that can have serious financial implications for companies. The cost of a data breach represents 80% of the total cost of a lost laptop compared to 2% for replacing the computer. Encryption on average can reduce the cost of a lost laptop by more than $20,000.

Conduct training and awareness programs for all employees who have laptops. The laptops of managers and directors have a higher average cost per lost laptop than the laptops of executives. If employees understand what it costs their companies to lose a laptop it might encourage them to be more conscientious when traveling and working at remote locations.

Policies that require employees to report a lost or stolen laptop as soon as possible may reduce the average cost. In cases where the laptop loss was reported immediately, the average cost was much lower than the average. In contrast, when the loss was communicated slowly (say more than one week later), cost was more than double the overall average.

Anti-theft and data protection solutions are available to secure laptops and the sensitive and confidential data they contain. An understanding of how costly it is to lose a laptop can be used to make the case for purchasing enterprise-wide solutions. As described in this report, data breaches represent the greatest cost. Reducing the incidence of lost laptops through training and awareness programs, and protecting sensitive data, has the potential to save organizations significant money and protect their most valuable information assets.

If you have questions or comments about this research report or you would like to obtain additional copies of the document (including permission to quote from or reuse this report), please contact us by letter, phone call or e-mail:

Ponemon Institute LLC
Attn: Research Department
2308 US 31 North
Traverse City, Michigan 49686
1.800.887.3118
research@ponemon.org

Ponemon Institute LLC
Advancing Responsible Information Management

Ponemon Institute is dedicated to independent research and education that advances responsible information and privacy management practices within business and government. Our mission is to conduct high quality, empirical studies on critical issues affecting the management and security of sensitive information about people and organizations.

As a member of the Council of American Survey Research Organizations (CASRO), we uphold strict data confidentiality, privacy and ethical research standards. We do not collect any personally identifiable information from individuals (or company identifiable information in our business research). Furthermore, we have strict quality standards to ensure that subjects are not asked extraneous, irrelevant or improper questions.

Appendix I: Summary of the Lost Laptop Cost Framework

| Model & component costs | Description | Average | Minimum | Maximum |
|---|---|---|---|---|
| Laptop replacement cost (with corporate overhead allocated). | Laptop replacement value with software and overhead | $1,582.22 | $913.00 | $2,500.00 |
| Detection & escalation (hours of employee in search). | Employee's time (nearest quarter hour) | 3.02 | 0 | 16 |
| Conversion = 2.5 X estimated hourly pay rate of employee whose laptop was lost. | Estimated hourly rate X 2.5 to reflect organizational value of labor | $82.77 | $29.70 | $189.40 |
| Detection & escalation cost | Hours X rate | $262.39 | $0.00 | $1,678.40 |
| Forensic support (hours of IT employees who perform forensic analysis). | Security expert's time (nearest quarter hour) | 8.36 | 0 | 81 |
| Conversion = 2.5 X estimated hourly pay rate of employee performing forensic analysis. | Estimated hourly rate X 2.5 to reflect organizational value of labor | $90.70 | $49.00 | $159.00 |
| Forensics & investigation cost | Hours X rate | $814.02 | $0.00 | $8,991.00 |
| Number of records containing personal information about customers, employees or other individuals (if applicable). | The number of lost records for data types 1 & 2 | 206.46 | 0 | 6,200.00 |
| Per capita cost of data breach X number of records requiring notice. | Cost of data breach value = $202 with different rates for financial services and retail based on recent study. | 196.3 | 157 | 225 |
| Data breach cost | Number of records X per capita cost | $39,296.70 | $0.00 | $973,400.00 |
| Did laptop contain intellectual property or other business confidential information that was not encrypted? | 0 = No, 1 = Yes | 19% = Yes | NA | NA |
| Estimated cost of intellectual property or other business confidential information. | Extrapolated value determined from field work | $4,905,674 | $0.00 | $250,000,000 |
| Probability that intellectual property or other business confidential documents will be discovered by adverse parties? | Extrapolated value determined from field work | 0.24% | 0.00% | 9.00% |
| Lost intellectual property cost | Value X prob of occurrence | $5,870.98 | $0.00 | $250,000 |
| Downtime or lost productivity of employee whose laptop was lost (hours). | Employee's lost productivity (nearest quarter hour) | 2.8 | 0 | 15 |
| Conversion = 2.5 X estimated hourly pay rate of employee whose laptop was lost. | Estimated hourly rate X 2.5 to reflect organizational value of labor | $82.77 | $29.70 | $189.40 |
| Lost productivity cost | Hours X rate | $243.10 | $0.00 | $1,522.50 |
| Other legal or regulatory costs (expected) | Other costs associated with laptop loss or theft | $1,176.81 | $0.00 | $36,000.00 |
| Total Estimated Cost of a Lost Laptop | Average of all cost components | $49,246 | $1,213 | $975,527 |
