Study: Data breaches continue to get more costly for businesses
Average cost of breaches hits $202 per stolen record, according to Ponemon report
Computerworld - Companies that are reluctant to invest what it takes on data security better be prepared to pony up a lot more if their systems are ever breached.
That's the main take-away from a new report released by the Ponemon Institute LLC, which shows that the average cost of a data breach to companies is continuing to increase. Ponemon said the breaches from last year that it studied cost an average of about $202 for each compromised customer record. That is 46% higher than the $138 per record that Ponemon cited in its first annual report on breach costs, for 2005. The average cost had previously increased to $182 in 2006 and $197 in 2007, according to Ponemon.
The cost-per-record figures include direct expenses for breach detection, mitigation, notification and response efforts, as well as indirect costs, such as the financial impact of customer defections and lost business opportunities. Ponemon said the average overall cost of the breaches covered in the new report was more than $6.6 million, with individual companies reporting costs that ranged from $613,000 to almost $32 million.
The report was based on a study of breaches at 43 large companies from 17 different industries. The number of customer records that were compromised in the breaches ranged from less than 4,200 to more than 113,000. Those figures are much lower than those associated with the most-publicized breaches, which involve compromised records numbering in the millions, but they're in line with the number of compromised records involved in the types of breaches that companies are typically hit by.
Increasingly, the biggest cost to companies that suffer data breaches is lost business, said Larry Ponemon, chairman of the Elk Rapids, Mich.-based think tank. He added that about $139 of the average per-record breach cost — or 69% of the total — was in the form of lost business last year, while other costs declined. That statistic indicates that although companies are getting better at detecting and responding to data breaches, customers are becoming less tolerant of breaches and showing a growing willingness to take their business elsewhere, Ponemon said.
In the wake of breach reports, "we found customer churn rates actually going up," Ponemon said. "People do care deeply about data being stolen."
That concern was especially evident, he noted, in breaches involving financial services firms and health care organizations, because the data involved in such compromises is often more sensitive than the information at other types of companies.
For instance, the customer-defection trend doesn't appear to have manifested itself in a big way in the retail industry. As an example, the massive breach disclosed in January 2007 by The TJX Companies Inc. was expected to have a dramatic impact on customer trust in the company. But in the quarter immediately after the disclosure, TJX reported one of its strongest-ever financial performances. And in the first year after the breach came to light, the retailer's stock price remained largely unaffected, while its same-store sales increased 4%.
- The Truth About Cloud Security "Security" is the number one issue holding business leaders back from the cloud. But does the reality match the perception?
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!