MyLaptopGPS REDI: Realtime Estimated Damage Index

The MyLaptopGPS™ REDI™ Realtime Estimated Damage Index Year 2009 as of January 06 Publicized PCs Lost/Stolen: 0 units Number of Citizens Compromised: 0 data records Total Estimated Damage: $0   Cost of Protection: $9.95 Worth It? You Decide. Get REDI™ Google Gadget or Add to Your Site

The MyLaptopGPS™ REDI™ is a cumulative total of high-profile laptop and desktop computer thefts and losses, built in realtime on an annual basis. The index consists primarily of media-reported high-profile laptop thefts and losses involving the Personally Identifiable Information (PII) of constituents of the breaching organization. In most cases, a breaching organization loses, or fails to protect from theft, a laptop computer containing the PII of N individuals. These individuals are typically customers of the breaching organization, its users, its members, or its clients.

The REDI™ does not include the vast majority
of laptop thefts and losses.
That is, in most cases a personal or business laptop or desktop computer is lost or stolen and the incident is not reported, or the report does not reach the media. This is typically due to noncompliance with reporting laws or because the incident involved fewer data records than the reporting threshold. In such cases, the incident itself is almost always extremely damaging to the breaching organization or individual because of the breach of sensitive business information, lost productivity, and Identity Theft. The cost of damages in such cases often reaches the tens of thousands, or hundreds of thousands, of dollars, according to the 2002 Computer Security Institute/FBI Computer Crime & Security Survey, which estimated average losses at $89,000, and the 2003 Annual Computer Crime and Security Survey, which estimated average losses at $250,000. On the low end of this estimate, with a projected 2.5 million laptops stolen in 2008, excluding lost laptops (a significant figure itself), a projection of 2,500,000 x $89,000 = $222,500,000,000 in damages to businesses and individuals is calculated.

$222,500,000,000 in estimated damages from theft alone
to normal businesses and individuals.
However, the true estimate of damages is highly variable, as the average loss across ALL laptop thefts, including personal thefts, is difficult to truly calculate, particularly when the longer-range costs of Identity Theft are considered, along with the cost of lost laptops (not merely stolen laptops). A personal laptop with very little personal data stored, few passwords, etc., while a rare circumstance, may result in a less damaging loss, while most business losses are significantly greater. Furthermore, in many personal laptop thefts a "priceless" damage is incurred due to loss data of a sentimental value or other immeasurable factor.

The MyLaptopGPS™ REDI™ indexes the high-profile losses made known publicly, by tracking:

a) The number of laptop/desktop units reported stolen (U)
b) The number of data records contained thereupon (N)
c) Any reported calculated damages, varying from standard (D)

The single REDI™ value "Total Estimated Damage" (T) is calculated using the formula:

T = (N * 197) + D
In cases where D is known (reported) as nonzero, the value of N is excluded (set to 0) in favor of the value of D. That is, if damages were reported then they are assumed to be more accurate for the given incident than the standard average damage. The value 197 is based upon the "2007 Annual Study: Cost of a Data Breach" by the Ponemon Institute, which found the average cost per data record lost to be $197. A press release concerning the 2007 Ponemon study can be found here (external link), with coverage at SearchSecurity.com here (external link). The study was sponsored by PGP Corporation and Vontu, Inc.