Data breach costs: £60 per record, says Ponemon

By Ron Condon, U.K. Bureau Chief 06 Feb 2009 | SearchSecurity.co.uk

Security UK News Digg This!     StumbleUpon     Del.icio.us

An investigation into 30 data security breaches in the U.K. has shown that the loss of personal or financial information can damage businesses and make it harder for them to hang on to their customers.

The research, carried out by the Ponemon Institute, and sponsored by PGP Corp., is based on interviews with 30 U.K. companies in 10 industrial sectors that suffered a security breach. The study found that the average cost of a data breach is £60 per compromised record, a significant increase from last year, which calculated the damage at £47 per record.

The cases in the study ranged in size, affecting from 4,100 to 92,000 records, while the estimated cost to organisations varied from £160,000 to £4.8m.

The study found that more than half the cost was caused by a measurable loss of business resulting from a breach, with customers leaving, and greater difficulty in acquiring new customers. The researchers stated that "customers are increasingly prone to terminate their business relationship due to lost data, producing consistently higher abnormal churn rates."

The study also revealed that the cost was even higher (£67) where a third-party supplier was involved in the breach.

Costs associated with detection, escalation, and informing customers decreased slightly in 2008, which according to researchers suggests that businesses are improving their processes to uncover, manage and communicate data breaches.

Lost laptops were the most significant cause of a breach, and two-thirds of breaches were caused by some kind of mistake or accident rather than malicious intent.

More on data breaches Government departments breach Data Protection Act principles Recent research uncovers a lack of basic privacy controls in the public sector. Recovery plans essential for preventing data loss disasters If you lose a laptop or USB stick that contains sensitive employee data, do you know what to do next?

"It echoes what we are seeing in the U.S. After a breach happens, churn rates can go up by 1% to 8%, and the cost of new customer acquisition will also rise," said Jamie Cowper, head of marketing for PGP. "They are two main indicators for lost business."

He said companies showed they could get better at managing a breach by having an emergency response plan in place. "We see in the U.K. that costs are down for detection, escalation and post-breach response. But what you can't control is consumers deciding they can't trust you with their mortgage, current account or online shopping."

Cowper added that the report underlined the need to manage outsourcing contracts better. "Companies need to think about how they manage outsourcing, and going forward, how they manage cloud computing. They need to know where their data is and how it is being managed."

Survey respondents identified encryption and identity and access management products as the top two technology responses following a data breach. Control practices and training and awareness programmes were cited as the top two manual processes.

"In just the second year of this U.K. study, research proves U.K. businesses continue to pay dearly for having a data breach," said Dr. Larry Ponemon, chairman and founder of The Ponemon Institute in a statement. "As costs only continue to rise, companies must remain on guard or face losing valuable customers in this unpredictable economy."

Tags: Enterprise Data Storage,  Data Breach Incident Management and Recovery,  Data Protection Solutions and Strategy,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Enterprise Data Storage Safend expands data leakage prevention product to plug more gaps TrueCrypt: How to get started with open source disk encryption Report: Firms avoid encrypting backup tapes, databases Encryption tips: How to secure a laptop The real reason behind backup recovery disk failures Infosec pros wake up to Excel spreadsheet security risks How to enforce an enterprise data leak prevention policy 3ami allows employers to track use of USB storage devices How to create a data classification policy EMC adds configuration management with Configuresoft acquisition Data Breach Incident Management and Recovery Make PCI DSS compliance easier by reducing scope, outsourcing data Full disk encryption: Safer and easier than file and folder encryption PCI DSS requirements: Get ready for stricter enforcement, fines Data breach costs continue to rise in 2009, Ponemon study finds Data Protection Act breach could cost companies 500,000 pounds Jericho Forum to provide customers with good security questions to ask Verizon report goes deep inside data breach investigations Insider threat detection still a challenge for employers Layoffs prompt insider threat fears, cybersecurity survey finds ArcSight boosts system log management capabilities Data Protection Solutions and Strategy Enterprise data management: Prevent data loss and insider threats NSA, cryptoexperts jab at RSA Conference 2010 Cryptographers' Panel Make PCI DSS compliance easier by reducing scope, outsourcing data Data Protection Act fines likely limited, audit powers may expand Websense integrated security system aims to simplify security management Full disk encryption: Safer and easier than file and folder encryption No major PCI DSS revision expected in 2010 Data breach costs continue to rise in 2009, Ponemon study finds Chinese hacker attacks target Google Gmail accounts, top tech firms Annual security reports offer some hope

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Serious Organized Crime Agency  (SearchSecurityUK.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary