1 in 3 Data Breaches Involve Mobile Devices
Early last week, PGP Corporation and the Ponemon Institute released the results of their joint venture, the fifth annual 2009 Annual Study: Cost of a Data Breach. In an effort to save our readers from the imminent snore fest that will follow downloading this report, here are some of the highlights of the study:
Key Findings:
- 36% of the cases studied involved lost or stolen mobile devices
- 42% of the cases studied involved third-party mistakes or flubs
- 24% of the cases involved a malicious or criminal attack that resulted in the loss or theft of personal information
- Data breaches from malicious attacks and botnets doubled from 12% to 24% in 2009
- The total cost to the enterprise rose from $202 to $204 per compromised record
- The average organizational cost of a data breach increased from $6.65 million to $6.75 million in 2009 with the magnitude of the event ranging from 5,000 to more than 101,000 lost or stolen records.
The study goes on to discuss preventative measures, including industry best practices that cover manual and policy approaches as well as automated IT security solutions. The report identifies the most effective technologies as:
- Encryption (including whole disk encryption and encryption for mobile devices/smartphones)
- Data loss prevention (DLP) solutions
- Identity and access management solutions
- Endpoint security solutions and other anti-malware tools
It then goes on to encourage enterprises to look for centralized management of IT security solutions so they can automatically enforce IT security best practices throughout the organization. None of these recommendations should be considered groundbreaking ideas. Security professionals have been working diligently over the past decade or longer to bring these types of solutions and protection capabilities into their enterprises. In many cases, regulatory requirements for the most targeted industries have forced the hands of budget managers to embrace these automated technologies, often to the benefit of their customer base. In other cases, where regulation has not been effective at encouraging an organization to perform its due diligence, the threat of the loss of customer base or reputation has provided the necessary ammunition for IT departments to convince budget managers to embrace security as a business decision.
What this study does reveal is that enterprise protections still need to be extended to the mobile user. Knowing that 1 in 3 data breaches were the result of an attack on a mobile device underscores that fact. Mobile users are gaining increasing access to corporate data from networks that cannot be controlled or monitored and are often open to the general public. Mobile smartphone devices continue to lack even the basic protections that laptops receive, yet the same data can be and is being accessed.
Of the preventative solutions that were provided in the study, 2 of the 4 can be directly applied to smartphone devices at the consumer level. When considering the recommendation that encourages organizations to look for enterprise management solutions for automated protections, enterprise smartphone users can leverage 3 of the 5 recommendations, today.
In our experience, limiting physical access to the device and encrypting the data that resides on the device may be the single most effective way of protecting data in the case that a handset is lost or stolen. When encryption and passcodes are coupled with endpoint security applications on smartphones that allow for remote lock/wipe and GPS locate, the risk of losing sensitive data declines immensely.
When considering the risk to data from an automated or malicious attack, mobile anti-virus and anti-spyware applications provide the endpoint protections necessary to identify if your device is infected with malware. Currently, this technology is incredibly affordable and available to enterprise users and consumers alike. Just as no sane user would consider conducting any type of business from a computer without, at least, an anti-virus program running, smartphone users should be employing the same logic. To address the fifth recommendation for enterprises to look for enterprise management solutions when providing endpoint security solutions, SMobile offers an enterprise solution that is tailored specifically towards easing administration and configuration woes and simplifying routine analysis of enterprise devices.
Corporate and personal data is under attack, both as it resides inside the enterprise and when it’s being manipulated on mobile devices and smartphones. Consumers and enterprises only do themselves and their customers an injustice when they continue to treat these devices with deference, as compared to other computing devices.