Annual study reveals cost of a data breach keeps climbing

Data breaches cost organizations $202 per exposed record last year, a 2.3 percent increase over 2007, concluded the fourth annual Ponemon Institute study released on Monday.

The study, which examined the repercussions felt by 43 U.S. companies that suffered breaches last year, also revealed that lost business makes up nearly 70 percent of breach costs, up from 54 percent just two years ago. The average rate of churn -- defined as the rate at which customers cease doing business with the breached firm -- was 3.6 percent, up from 2.7 percent in 2007 and two percent in 2006.

Financial services firms and health care organizations were the most susceptible to customer attrition following a data-loss incident, experiencing churn rates of 5.5 percent and 6.5 percent, respectively, according to the study. Meanwhile, the average cost of a health-care breach was $282, about $150 more than the average retail breach.

Phil Dunkelberger, CEO of encryption firm PGP, which sponsored the study, said the churn rates show that customers are increasingly dissatisfied with companies that fail to safeguard their information.

"The news is that...with all these compromises going on, when are [organizations] going to get the message that people want their data protected?" he told SCMagazineUS.com. "If you're having a data breach at this point, it's not because, 'Wow, we didn't know.'"

Forty-four percent of respondents said the breaches were caused by third parties, such as outsourcers, contractors, consultants or other partners. That number is up from 40 percent in 2007 and 21 percent in 2005.

"Organizations should closely evaluate the enterprise data protection policies and systems used with and by third-party outsourcers or consultants," the study said, adding that the security of on-demand services also needs to be closely observed.

Companies said they are trying to fix the breach threat by increasing awareness training and instituting measures such as encryption, identity and access management and data-loss prevention, according to the study.

"The data is showing that unless you've got a core strategy, your business is at risk," Dunkelberger said.