Failing to protect laptops with a mix of technology and policy can be costly, and a new survey showed just how much.
The survey, dubbed "The Billion Dollar Lost-Laptop Study," was conducted by Intel and the Ponemon Institute and fielded input from 329 public and private organizations. During the past 12 months, those respondents collectively lost more than 86,000 laptops, costing themselves a staggering $2.1 billion in lost data, productivity and equipment.
Most of these laptops-60 percent-were logged as missing. The remaining 40 percent were either confirmed or suspected to be stolen. Thieves love transportation spots such as airports--among companies reporting the highest theft rates, 48 percent of laptops were stolen at transportation venues. The three main environments where employees most often part with their laptops are seemingly safe off-site locations such as homes or hotels; transportation sites; and their own offices.
The most common areas for loss are those apparently benign off-site locations, which are the site of more than 40 percent of losses.
Among the companies surveyed, just five percent of laptops are ever recovered.
"Looking at these results, you can barely fathom the significant financial impact of missing laptops," said Anand Pashupathy, general manager of Intel Anti-Theft Services, in a statement. "More astonishing, considering the vulnerability of laptops and their data is that the majority of these companies aren't taking even basic precautions to protect them."
Methods such as hard disk encryption, data back-up and antitheft technologies are not widely used, the survey found. While 46 percent of the lost systems contained confidential data, just 30 percent of those systems were encrypted, and only 10 percent utilized other antitheft technologies.
According to the study, the chance of workers misplacing their laptops or having them stolen is somewhere between 5 and 10 percent, depending on the industry, during the PCs' expected three-year life spans. Of the 11 industries surveyed, education and research institutions lost laptops the most - less than 11 percent of their mobile PCs. Financial institutions were at the other end of the scale, losing only about five percent of their laptops.
Businesses need to know what data is on which devices, understand how it's at risk and implement proper policies, training and technical controls, security expert and author Kevin Beaver, who was on a Dec. 2 media call about the report, told eWEEK afterward.
Seventy-one percent of the laptops were not backed up - meaning that many of the organizations lost a lot more than just the physical machine. In fact, much of the losses reflected in the $2.1 billion figure come down to data, Larry Ponemon, chairman of the Ponemon Institute, explained during the media call. Many organizations he said, are "incompetent in protecting information assets"--not just laptops, but removable media and smartphones as well.
"Most of [the cost] is the data," he said. "When you add intellectual property and confidential information...if it's confidential information about people then you have to worry about notification and it becomes a data breach. So under those conditions it's really more about the information than the device itself."