Data Breaches Costing Businesses More: Report

By Nathan Eddy

Businesses beware: data breach costs continued to rise for the sixth year straight, according to a report.

For the fifth year in a row, data breach costs have continued to rise, according to a study documenting how businesses are impacted by data breaches. The average organizational cost of a data breach this year increased to $7.2 million, up seven percent from $6.8 million in 2009. Total breach costs have grown every year since 2006, the report noted, and data breaches in 2010 cost companies an average of $214 per compromised record, up $10 (5 percent) from last year.

The 2010 Ponemon Institute benchmark study, sponsored by Symantec Corporation, examined the costs incurred by 51 organizations after experiencing a data breach. Results were not hypothetical responses; they represent cost estimates for activities resulting from actual data loss incidents. Breaches in the study ranged in size from nearly 4,200 records to 105,000 records and came from 15 different industry sectors.

For the second straight year, abnormal churn or turnover of customers after data breaches appeared to be the dominant factor in data breach cost. The report noted regulatory compliance contributes to lower churn rates by boosting customer confidence in organizations’ IT security practices. Average abnormal churn rates across all 51 incidents stayed level at four percent. The industries with the highest 2010 churn rate remained pharmaceuticals and healthcare (both up a point to seven percent). The industries with the lowest abnormal churn rates were public sector (less than one percent) and retail (one percent).

Breaches involving lost or stolen laptop computers or other mobile data-bearing devices remain a consistent and expensive threat, the report found. The prevalence of breaches concerning mobile devices holding sensitive data stayed roughly the same at 35 percent this year, down a point. Per-record costs rose $33 (15 percent) to $258 per record. The research suggested that device-oriented breaches have consistently cost more than many other breach types. "This may be because investigations and forensics into lost or stolen devices are more difficult and costly," the report said.

The number of breaches attributed to negligence edged up a point to 41 percent. Breaches from negligence in 2010 averaged $196 per record, up $42 (27 percent) from 2009. The report said the relatively stable incidence of negligence may indicate that ensuring employee and partner compliance remains an ongoing challenge. "These figures may reflect the growing prevalence and cost of malicious breaches, as well as organizations’ growing competency in handling breaches from systems failures and negligence," the report noted.