Data Breaches Costing Businesses More: Report


by Nathan Eddy

     
Businesses beware: data breach costs continued to rise for the fifth year straight, according to a report.

For the fifth year in a row, data breach costs have continued to rise, according to a study documenting how businesses are impacted by data breaches. They continue to cost organizations more every year, with the average organizational cost of a data breach this year increasing to $7.2 million, up seven percent from $6.8 million in 2009. Total breach costs have grown every year since 2006, the report noted, and data breaches in 2010 cost their companies an average of $214 per compromised record, up $10 (5 percent) from last year.

The 2010 Ponemon Institute benchmark study, sponsored by Symantec Corporation, examined the costs incurred by 51 organizations after experiencing a data breach. Results were not hypothetical responses; they represent cost estimates for activities resulting from actual data loss incidents. Breaches in the study ranged from nearly 4,200 records to 105,000 records from 15 different industry sectors.

For the second straight year, abnormal churn or turnover of customers after data breaches appeared to be the dominant factor in data breach cost. The report noted regulatory compliance contributes to lower churn rates by boosting customer confidence in organizations’ IT security practices. Average abnormal churn rates across all 51 incidents stayed level at four percent. The industries with the highest 2010 churn rate remained pharmaceuticals and healthcare (both up a point to seven percent). The industries with the lowest abnormal churn rates were public sector (less than one percent) and retail (one percent).

Breaches involving lost or stolen laptop computers or other mobile data-bearing devices remain a consistent and expensive threat, the report found. The prevalence of breaches concerning mobile devices holding sensitive data stayed roughly the same at 35 percent this year, down a point. Per-record costs rose $33 (15 percent) to $258 per record. The research suggested that device-oriented breaches have consistently cost more than many other breach types. “This may be because investigations and forensics into lost or stolen devices are more difficult and costly,” the report said.

The number of breaches attributed to negligence edged up a point to 41 percent. Breaches from negligence in 2010 averaged $196 per record, up $42 (27 percent) from 2009. The report said the relatively stable incidence of negligence may indicate that ensuring employee and partner compliance remains an ongoing challenge. “These figures may reflect the growing prevalence and cost of malicious breaches, as well as organizations’ growing competency in handling breaches from systems failures and negligence,” the report noted.

 

 

© 2011 Ziff Davis Enterprise Holdings, Inc.     Computerworld Inc.

 
 
 

Want more practical advice? The report shows that almost 50% of the data breaches studied in 2010 were the result of "Lost Laptops and other devices". What better way to reduce your risk than to train your employees on Safe Remote and Mobile Computing best practices (one of our most popular courses).

Click here to view the web page on our award-winning online Safe Remote and Mobile Computing awareness course that contains a course outline and implementation options.

Email or call us at 800-726-6951 x4726 to view a FREE demonstration.
