The presentation identified two new risks that are present throughout most technology infrastructures these days. The mobile landscape is ever-evolving and bringing new endpoints into enterprise ecosystems. More companies are also beginning to outsource their technology needs for greater business agility. However, both of these trends present new challenges to the companies that adopt them.

Presentation authors Jeremy Henley of ID Experts and Anthony Dagostino of ACE Group noted in particular that the widespread use of many different devices often leads to exposure of unencrypted sensitive information. Data security can be further put at risk if an organization doesn't carefully consider the data protection solutions used by their cloud providers. Despite the growing risk, the top three sources of information leaks - human error, hacking and lost/stolen laptops - can be mitigated by using data encryption software. Henley and Dagostino created a breakdown of costs associated with data security incidents, including:

• Hiring a breach consultant
• IT forensics and investigation
• Public relations management services such as offering credit monitoring for affected individuals
• Compliance evaluations
• Regulatory fines

As these items suggest, a single breach can result in costs from many different angles, and that means costs can quickly add up. For example, a worker's laptop that stores unencrypted personally identifiable healthcare data and payment card information may violate both the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI-DSS).

Protecting non-essential data
It may be tempting to think of some data as relatively harmless, but failing to protect that kind of information can still result in unexpected costs. Video game developer Blizzard Entertainment found that out earlier this year after a data breach exposed email addresses of its customers.

Fortunately for affected individuals, the company followed best practices by encrypting at-risk information. Despite a lawsuit related to the incident, Forbes contributor Erik Kain commended the company for taking effective data protection measures and for quickly notifying its customers. Had the information not been encrypted, Blizzard would have been on much shakier legal ground.