Tip of the Week: Ensure Security Policies and Safeguards Extend to Third Parties
Continuing to highlight great information found in the “2009 Annual Study: Cost of a Data Breach” by the Ponemon Institute and sponsored by PGP, we focus this week on a nugget reminiscent of a key step recommended in the MyLaptopGPS white paper “Multi-Layer Laptop Security.” The breach report notes that “forty-two percent of all cases in this year’s study involved third-party mistakes or flubs.”
Furthermore:
Data breaches involving outsourced data to third parties, especially when the third party is offshore, were most costly. This could be due to additional investigation and consulting fees. The cost per compromised record for data breaches involving third parties was $217 versus $194, more than a $21 difference.
Indeed, security policies and procedures must take into account that third-party contractors, consultants, and other vendors can often be the weak link in the chain. You can always fire the third party that breaches your customers’ data, but what good does that really do? It’s crucial to safeguard information both in-house and when it is shared with third parties.

