Each day at work I get an update on the latest publicly revealed data loss incidents, be it laptops, memory sticks or corporate hacks. Unfortunately I become pretty immune to these daily reports and normally skim read what has no doubt been a traumatic incident for those involved. Many data loss incidents take months, if not years, to clear up; some will probably never be concluded as our friends at HMRC are discovering. It could be a long time before those discs turn up, if ever.

If (or more likely when) a bank loses customer data on an unencrypted laptop or USB drive then a number of people will be directly affected. The person responsible for losing the laptop will be disciplined, and maybe fired. The IT function will need to explain why the data was not encrypted and, more importantly, the individuals whose data has been lost may have problems with identity theft.

The cost of such a data loss is now quantifiable, thanks to work completed by the Ponemon Institute. More importantly we now have UK-specific numbers, gleaned from an anonymous survey of 21 UK businesses that suffered a data loss in 2007. (The Ponemon Institute has run a similar survey in the US for the past 3 years so we now have trending data. This is the first survey using the same methodology in the UK). On average a data breach in the UK costs £47 per record compromised, with financial services companies paying £55 per record due to the higher expectations of privacy and security. The full UK report is now available at http://www.pgp.com/downloads/research_reports/index.html

So at a micro level we have seen that data losses have an impact. Most people who are not directly involved will call it a day and move on to the next data breach that is no doubt coming around the corner.

But what about the macro level? Is there a bigger impact from such data losses than the £47 per record?

The answer is yes.

Much as a butterfly may flap its wings in California and cause a violent storm in Europe we can imagine a butterfly affect with data loss. The recent loss of PCs in South America that contained details of a new oil find off the coast of Brazil was luckily down to common theft. Imagine if it was a targeted assault on the data by either a political or commercial enemy. It is not too hard to imagine such a theft impacting the subsequent development of the oil field which in turn may have an effect on global oil prices.

All from the theft of some PCs. Far fetched? I don't think so.

Industrial espionage is bigger business than it has ever been. Politically motivated espionage is as vibrant as ever, and terrorist attacks on IT infrastructures are a huge threat not often discussed in the public domain.

Maybe the time has come to stop the shrieking about individual data loss incidents and focus more on the bigger picture. That way, at least, we may get governments and organisations to take the matter seriously.