Losing a laptop doesn’t seem like front-page news, but when its a BP executive who lost one with the records of some 13,000 people with claims arising from the Gulf of Mexico oil spill, the story changed.  But the story isn’t just about the absent-minded at best, shabby at worst behavior of the petroleum giant.  It is that when it comes to identity theft, it is not all the Internet’s fault.

According to people who track this stuff, like the Ponemon Institute, lost laptops are responsible for 35 percent of lost or stolen personal data; “Breaches involving lost or stolen laptop computers or other mobile data-bearing devices remain a consistent and expensive threat.”  And expensive, too.  Again, as per Ponemon, “Per-record costs rose $33 (15 percent) to $258 per record.”  Multiply that by the 13,000 BP records and it totals $3.4 million.  That is one expensive laptop.

Yet, most of the market’s attention is focused on network security.  One estimate has the current spending total of $5 billion this year will rise to $10 billion by 2016.

The picture is a bit different when it comes to employee training.  One recent analysis found that 40 percent of companies surveyed have cut or plan to cut funding while just “10 percent anticipates an increased investment in training in the next 12 months.”

The “slackers or hackers” view of lost data ought to give those companies second thoughts.  The cost of lost data is far higher than the investment in better practices.