Average size of a data breach: 16,000 files.
In the wake of Sony's data debacle, corporations around the world are taking another look at information security. Storing your data behind a firewall isn't enough, and relying on client-side protections to keep the bad people out is what screwed the PlayStation Network. The industry is grappling for a solution, especially with the news that 82% of IT practitioners questioned report at least one breach of their systems.
The cost of a stolen file varies pretty wildly. The average figure is $214...but entities lose an average of 16,000 records per data breach. That's a mean loss of $3.4 million for every single incursion. Despite a security threat that increases every day, only 37% of respondents self-report that their data protection is at the "late or mature" stage.
Most security professionals seem to prefer software-based encryption to hardware-based encryption. 85% say their organization uses software-based encryption to keep data safe...but not because it is the best option. 36% say they do not understand how to use the hardware-based encryption available. Which is a shame, because hardware-based encryption is much harder to crack. 70% of those surveyed believe self-encrypting drives could have had an "enormous and positive impact" on the protection of their data.
So here it is in layman's terms. No matter where your data stays, there's a huge chance the people responsible for keeping it safe won't be able to. Many of them don't understand the technology necessary to keep you safe.
It's worth noting that this study has a definite bias in favor of self-encrypting hard drives. The Ponemon Institute seems to feel that these new hard drives are the best way to secure large amounts of enterprise data. And while I question their objectivity, I can't deny that SEDs do the job. Any additional layer of security between "my data" and "data pirates" is a positive thing.
The scary thing about info-heists is that no one is really safe from them. Even if you're totally careful and never give out your data to a private entity, you're still at risk. The government's data could suffer a breach. Your doctor's office could be hacked. Or one of the retailers you gave your name and zip code to could lose their info. There's no "secure" anymore, only differing levels of risk. Self-encrypting drives may help to cut down on that risk...but at this point, the tide of miscreants looks too thick to stop.