Study Shows Data Breach Costs Continue To Rise
PGP Corp. and the Ponemon Institute recently announced results of the fourth annual U.S. Cost of a Data Breach Study.
According to the study which examined 43 organizations across 17 different industry sectors, data breach incidents cost U.S. companies $202 per compromised customer record in 2008, compared to $197 in 2007.
Within that number, the largest cost increase in 2008 concerns lost business created by abnormal churn, meaning turnover of customers. Since the study's inception in 2005, this cost component has grown by more than $64 on a per victim basis, nearly a 40 percent increase.
The annual U.S. Cost of Data Breach Study tracks a wide range of cost factors, including expensive outlays for detection, escalation, notification and response along with legal, investigative and administrative expenses, customer defections, opportunity loss, reputation management and costs associated with customer support such as information hotlines and credit monitoring subscriptions.
Other key findings from the study include:
- Average total per-incident costs in 2008 were $6.65 million, compared to an average per-incident cost of $6.3 million in 2007.
- Healthcare and financial services companies experienced the highest churn rate -- 6.5 percent and 5.5 percent respectively, on a total average of 3.6 percent, which reflect the sensitivity of the data collected and the customer expectation that information will be protected.
- Third-party organizations accounted for more than 44 percent of all cases in the 2008 study and are also the most costly form of data breaches due to additional investigation and consulting fees.
- More than 84 percent of 2008 cases involved organizations that had had more than one data breach in 2008 -- meaning that companies are becoming more experienced in managing breaches over time.
- More than 88 percent of all cases in this year's study involved insider negligence.
- More than half of respondents believe that training and awareness programs assist in preventing future breaches and 44 percent have expanded their use of encryption.
- The most significant cost decrease was seen in activities relating to post-breach response, which indicates that organizations are becoming more cost effective in managing data breaches.
"After four years of conducting this study, one thing remains constant, U.S. businesses continue to pay dearly for having a data breach," said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. "As costs only continue to rise, companies must remain on guard or face losing valuable customers in this unpredictable economy."
The study, sponsored by PGP Corp. and independently conducted by the Ponemon Institute, examines the financial consequences of data breaches involving consumers' personally identifiable information. The study uses objective methods for quantifying specific activities that result in direct, indirect and opportunity costs from the loss or theft of personal information, thus requiring notification to breach victims as required by law or policy.
"In this current economic climate, U.S. businesses can't afford to give their customers any reason to go elsewhere," said Phillip Dunkelberger, president and CEO of PGP Corp.. "This study continues to show that the results of a data breach can seriously wound a company's bottom line and reputation. This begs the question, when are organizations going to get proactive about protecting their critical data."
The complete report can be found at http://www.encryptionreports.com/.