Study: Data breaches continue to get more costly for businesses
Average cost of breaches hits $202 per stolen record, according to Ponemon report
Computerworld - Companies that are reluctant to invest what it takes on data security better be prepared to pony up a lot more if their systems are ever breached.
That's the main take-away from a new report released by the Ponemon Institute LLC, which shows that the average cost of a data breach to companies is continuing to increase. Ponemon said the breaches from last year that it studied cost an average of about $202 for each compromised customer record. That is 46% higher than the $138 per record that Ponemon cited in its first annual report on breach costs, for 2005. The average cost had previously increased to $182 in 2006 and $197 in 2007, according to Ponemon.
The cost-per-record figures include direct expenses for breach detection, mitigation, notification and response efforts, as well as indirect costs, such as the financial impact of customer defections and lost business opportunities. Ponemon said the average overall cost of the breaches covered in the new report was more than $6.6 million, with individual companies reporting costs that ranged from $613,000 to almost $32 million.
The report was based on a study of breaches at 43 large companies from 17 different industries. The number of customer records that were compromised in the breaches ranged from less than 4,200 to more than 113,000. Those figures are much lower than those associated with the most-publicized breaches, which involve compromised records numbering in the millions, but they're in line with the number of compromised records involved in the types of breaches that companies are typically hit by.
Increasingly, the biggest cost to companies that suffer data breaches is lost business, said Larry Ponemon, chairman of the Elk Rapids, Mich.-based think tank. He added that about $139 of the average per-record breach cost — or 69% of the total — was in the form of lost business last year, while other costs declined. That statistic indicates that although companies are getting better at detecting and responding to data breaches, customers are becoming less tolerant of breaches and showing a growing willingness to take their business elsewhere, Ponemon said.
In the wake of breach reports, "we found customer churn rates actually going up," Ponemon said. "People do care deeply about data being stolen."
That concern was especially evident, he noted, in breaches involving financial services firms and health care organizations, because the data involved in such compromises is often more sensitive than the information at other types of companies.
For instance, the customer-defection trend doesn't appear to have manifested itself in a big way in the retail industry. As an example, the massive breach disclosed in January 2007 by The TJX Companies Inc. was expected to have a dramatic impact on customer trust in the company. But in the quarter immediately after the disclosure, TJX reported one of its strongest-ever financial performances. And in the first year after the breach came to light, the retailer's stock price remained largely unaffected, while its same-store sales increased 4%.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Alert Logic for PCI DSS Compliance To achieve PCI DSS compliance, you must identify and remediate all critical vulnerabilities detected during PCI scans. Threat Manager streamlines this process by...
- Cybersecurity Imperatives Reinvent Your Network Security With Palo Alto Networks The Rise of CyberSecurity
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts