The Ponemon Institute has released a new study which indicates that the cost of a data breach has gone up 30% over 2006. Interestingly, the costs associated with breach notification have gone down by nearly half; lost business opportunity represents the largest, and fastest growing, element of cost.

The Ponemon Institute runs an annual study on the cost of a data breach - the 2007 study, which looked at 35 breaches in the US in 16 industries including financial services, retail, health care, and software industries, shows that the cost per breached record has gone up from $182 to $197. Over 215 million records have been breached since 2005 - that is a cost, in the 2007 value, of over 42 billion dollars.

The costs associated are highest for the lost business opportunity (churn, acquisition), a factor that relies greatly on trust. The cost factors included are: legal, investigative, administrative, customer defections, opportunity loss, reputation management and customer support.

“The data from 2007 suggests that although companies are responding to data breaches more efficiently, consumers seem to be less forgiving when their personal information is compromised,” said Dr. Larry Ponemon, chairman and founder of The Ponemon Institute. “The bigger problem, however, remains the persistent underlying issue of data security. Of course, the easiest way for companies to avoid the costs associated with a data breach would be to avoid a breach in the first place.”

Highlights from the study:

  • Average total per-incident costs in 2007 were $6.3 million (up from $4.8)
  • The cost of lost business increased by 30% to $4.1 million
  • The cost of lost business represents nearly two thirds of the full cost associated with a data breach
  • Breaches by third-parties were up to 40%, from 29%, and are more costly per record ($231 vs $171 on an internal breach)
  • Notification costs are down by 40%

Post breach, companies most often enacted the following protocols: encryption, data loss prevention solutions, identity and access management solutions, endpoint security controls, security event management solutions, and perimeter controls.

Via marketwire, pc world Tags: , , , , , ,

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • del.icio.us
  • Digg
  • StumbleUpon
  • Technorati