It's been a long week but Friday night is finally here, football night, and as usual the boys are waiting for you at the pub. It's a crucial game, a season-ender if they lose, but you've got a looming Monday deadline and stacks of work to get through. Not a problem, you reckon: just download the necessary data to a USB stick you picked up for a few bucks on eBay and work from home tomorrow on the laptop. A quick drive home, park the car, pop the USB stick in your pocket and hightail it over to the corner spot at the local and a few amber bevies.
Tomorrow, 11am: You get up, groggy and wretched but still stoked with the big win. It's time for work so you search your pants for the USB stick. Alarm bells ring. No, it's not the hangover: the USB stick is gone, lost in last night's revelry, and with it thousands of sensitive customer details, all unencrypted. "Oops" just doesn't do the damage caused any justice.
That's data loss and unfortunately it's not uncommon. If you were in the UK or North America and your employer found out, you would have to publicly disclose what transpired. Indeed, in the past two years there have been several high profile cases. First, an unencrypted laptop with data on up to 600,000 people was stolen from a UK Ministry of Defence recruiting officer's car. Next was the delayed announcement of the loss of four laptops containing personal details of 10,000 Bank of Ireland customers. And then there was the loss of a DaimlerChrysler Financial Services Canada data tape, which had customer names, addresses and social insurance numbers. But perhaps most infamous was the loss of a CD with data on almost half of the UK's population - including dates of birth, addresses, bank accounts and national insurance numbers - in the post by HM Revenue & Customs. Big "Oops".
Yet, according to most IT security experts, that's just the tip of the iceberg. A report by the IT Policy Compliance Group found 68 per cent of organisations suffer from six losses of sensitive data annually and that human error is responsible for three-quarters of all incidents. And this is only reported losses: there were no estimates of unreported occurrences which slipped under the radar. On average a loss can cost up to 8 per cent of revenue, $100 for every customer that needs to be informed, and involve considerable customer defections.
While Australia does not have mandatory disclosure laws - and therefore publicly experiences fewer high-profile cases - the picture Down Under does not get any better.
"We've been seeing customers who are still having major data leakage issues here [in Australia] more from the perspective of data in motion," Marshal head of technical consulting Asia-Pacific, Oscar Marquez, said.
"They keep seeing files disappearing, sales forecasts disappearing and going across to the competition, and there has even been a customer where their entire patent has disappeared. So you are talking in the millions of dollars in known data leakage. But we know it reaches to higher levels because most companies don't actually publicly come out with it."
For many large publicly listed corporations that are looking at products, divulging incidents of data loss could spook the market and have serious financial implications. As a result, there is a lack of exposure in the Australian media.
"Back in the 1990s people weren't announcing that they were being smashed by viruses either," Marquez said.
"I think it just unsettles the investors. I've seen a couple of cases where it has gone up into the twenties of millions, so you just really have to understand how sensitive that data can be."