Data Breaches Costing Businesses More: ReportBy Nathan Eddy | Print
Businesses beware: data breach costs continued to rise for the sixth year straight, according to a report.
For the fifth year in a row, data breach costs have continued to rise, according to a study documenting how businesses are impacted by data breaches. They continue to cost organizations more every year, with the average organizational cost of a data breach this year increasing to $7.2 million, up seven percent from $6.8 million in 2009. Total breach costs have grown every year since 2006, the report noted, and data breaches in 2010 cost their companies an average of $214 per compromised record, up $10 (5 percent) from last year.
The 2010 Ponemon Institute benchmark study, sponsored by Symantec Corporation, examined the costs incurred by 51 organizations after experiencing a data breach. Results were not hypothetical responses; they represent cost estimates for activities resulting from actual data loss incidents. Breaches in the study ranged from nearly 4,200 records to 105,000 records from 15 different industry sectors.
For the second straight year, abnormal churn or turnover of customers after data breaches appeared to be the dominant factor in data breach cost. The report noted regulatory compliance contributes to lower churn rates by boosting customer confidence in organizations’ IT security practices. Average abnormal churn rates across all 51 incidents stayed level at four percent. The industries with the highest 2010 churn rate remained pharmaceuticals and healthcare (both up a point to seven percent). The industries with the lowest abnormal churn rates were public sector (less than one percent) and retail (one percent).
Breaches involving lost or stolen laptop computers or other mobile
data-bearing devices remain a consistent and expensive threat, the
report found. The prevalence of breaches concerning mobile devices
holding sensitive data stayed roughly the same at 35 percent this year,
down a point. Per-record costs rose $33 (15 percent) to $258 per
record. The research suggested that device-oriented breaches have
consistently cost more than many other breach types. "This may be
because investigations and forensics into lost or stolen devices are
more difficult and costly," the report said.
The number of breaches attributed to negligence edged up a point to
41 percent. Breaches from negligence in 2010 averaged $196 per record,
up $42 (27 percent) from 2009. The report said the relatively stable
incidence of negligence may indicate that ensuring employee and partner
compliance remains an ongoing challenge. "These figures may reflect the
growing prevalence and cost of malicious breaches, as well as
organizations’ growing competency in handling breaches from systems
failures and negligence," the report noted.