Going further than just replacing the hardware, this IDC report sponsored by Kensington discusses how it’s important for SMEs to understand the true cost of laptop theft and why they can’t afford to ignore the need for adequate security measures.
Competing with larger enterprises with greater economies of scale or small businesses with dynamic flexibility and lower overheads, is compelling the average SME to seek out new ways in which they can boost their competitive advantage.
Increasing productivity, improving customer service and reducing travel costs – the advantages of mobile computing are manifold and combined with a hardware costs that have fallen consistently over the past decade, it’s easy to see why the laptop computer is becoming ubiquitous within the SME toolset.
This does however present new challenges to the business, where once valuable data was behind the closed doors of the server room and the PC was safely tucked away in the office, there is now a large mobile workforce toting the latest in mobile hardware along with valuable business information that is a temptation to the opportunistic thief as well as a living for the professional larcenist; but hardware is not the only thing being risked…
The hardware cost of theft is difficult enough to swallow, but the disruption to business and the risk to customer information, employee records or sensitive company data is a far worse fate for contemplation.
So what happens when a laptop is stolen?
First of all, the chances of getting the stolen laptop returned are known to be less than 3 percent, so for the remaining 97 percent of all stolen laptops there is a lot that is unknown, we do know that a small percentage are targeted for their data – but for the majority it is the hardware the thief is interested in.
As the cost of buying new hardware has fallen dramatically over the past few years, so too has the value of a used or stolen machine. However, this fall in second-hand value has been offset by the rise of the internet as medium through which to sell used goods.
Counting the cost
knowing that a stolen laptop is most likely destined for a full drive reformat and new OS install is probably a great relief for most IT managers when faced with this situation, but the problems have normally only just begun. IDC’s research has shown that when counting the cost of laptop theft a staggering 58 percent of the cost is related to non-hardware issues such as the loss of intellectual property.
Assessing the impact
When a laptop is stolen there are a number of concerns, the most obvious are normally the more benign. With most laptops infrequently stolen for their data and the minimal cost of hardware, the true cost to the business lies in things like:
- Loss of customer confidence
- Lost orders
- Missing product specifications
- Absent invoicing
- Delayed billing and payment
- Wasted travel and accommodation
All this combines over time to cost much more than the device and its data alone.
Research shows that 49 percent of SMEs take 2 to 4 days to replace a laptop, causing huge disruption for the user now without means of working, in fact approximately 17 percent of the total cost to the business is attributed to lost man hours and the time spent sourcing and setting up a replacement laptop.
However, the biggest fear for most SMEs is the loss of customer information, and these fears are not unfounded. A UK financial institution was recently fined £2.5m by the regulators for the misplacing of customer records. A similar situation for an SME – the loss of customer confidence without the slick PR teams on hand – would be devastating.
Beyond the physical
Increased competition is also forcing the SME to develop resources that were traditionally the preserve of the larger enterprise. Intranets and VPNs are well within the technological and financial reach of SMEs and this gives cause for further concern. While enterprise class networks exist within SMEs, the security measures and more importantly, security policies are at a less advanced stage of maturity. This disparity is where a breach of network security can come about as a result of laptop theft.
Some laptops are used to access material on a network and then cache sensitive information or make a local copy. Another scenario is that a laptop may actually hold, through a key-ring product, the passwords necessary to gain remote access to a network – causing untold damage.
The true cost of laptop theft
The IDC report showed that 96 percent of SMEs had no idea what the total cost of a stolen laptop incident was to their business. Being able to identify the cost is perhaps not as important as being aware that there are wider costs beyond replacement of the hardware. Risk to employee security, cost of data replacement and the general loss of customer confidence are all factors that need to be considered. This is especially important when formulating policy and positioning internal training and theft prevention information and awareness.
The laptop market has a wide choice of products, from the tried and tested cable locks through to innovative internet tracking services, they each have their place. When SMEs were asked what they look for in a security device they came up with the following criteria, ranked in order of importance:
- Proven results
- Product quality
- Ease of use
IT Managers say 40 percent of their laptop theft would not have occurred if a security cable had been in use. Physical security for laptops is a high priority; with 75 percent of IT Managers interviewed rating it as better value than software security; but interestingly no SME interviewed as part of the study spent more on physical security than software.
There is a strong case for cable locks and an even stronger case for promoting their use. The single biggest barrier to this is the reluctance of employees to use them – easily overcome with policy and awareness campaigns.
They say that familiarity breeds contempt, or perhaps just forgetfulness. But above all this IDC report shows that companies can no longer afford to be complacent about the physical security of their laptop computers. We live in an age where walls, fences and other barriers are no longer enough to protect your business, intellectual property, brand and company image. If you enforce a cohesive approach to information security – incorporating both physical and software security measures – you will save your business time, money and avoid potentially damaging embarrassment.
Best practices for avoiding laptop theft
- Keep laptop locked at all times
- Keep out of sight (not on car seat, near window etc.)
- Back up information stored regularly to reduce impact if stolen
- Place stickers on the laptop – to warn would-be thieves and remind users to ‘think secure'
- Educate the user base as to the importance of security and the cost to the business if their laptop is stolen