Standards group releases 2012 data protection and breach guide

The Online Trust Alliance (OTA) has released its 2012 Data Protection and Breach Guide

The annual guide provides an analysis of the past year's security breaches and offers companies a range of best practices in data security, privacy, and data collection.

In 2011, over 558 incidents were reported at a cost to US businesses of more than $6.5 billion, according to the guide. It is estimated that over 50% were the result of a server exploit, of which 96% were avoidable had the recommendations outlined in the guide been implemented, OTA said.

The average cost incurred last year by each business for a data breach was $7.2 million or $318 per user record compromised – an increase of over $100 per user record from 2009. These incidents also consumed, on average, over 600 man-hours to remedy, the guide said.

The OTA guide recommends that businesses develop a data incident plan that enables the firm to determine quickly the nature and scope of a data incident, take immediate steps to contain it, ensure that forensics capabilities are not hampered, and immediately initiate steps to notify regulators, law enforcement officials, and the impacted users of the loss.

“Last year, more than 125 million people were affected by data loss incidents. Combined with the increased awareness of these high visibility incidents and aggressive data collection and sharing practices, consumers’ trust and online confidence is under attack. By following the recommendations in this guide we have an opportunity to enhance online trust and promote the vitality of the internet,” said Craig Spiezle, OTA executive director and president.
